Personal genetics firm 23andMe on Tuesday confirmed that hackers using stolen passwords accessed the personal information about 6.9 million of its members.
While the hackers were only able to get into about 14,000 accounts, or 0.1 percent of its customers, they were able to see information shared by genetically linked relatives at 23andMe, a spokesperson said in reply to an AFP inquiry.
23andMe is in the process of notifying affected customers and has hardened account security by requiring users to reset passwords and set up a second authentication method such as sending a temporary code to a mobile phone, according to the spokesperson.
In early October, 23andMe detected that data thieves had gotten into accounts safeguarded by login details recycled from other websites that had been compromised, the company said.
“We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks,” the spokesperson said.
Of the 6.9 million accounts hacked, 5.5 million contained information on genetic matches and may have also included birth dates and locations if provided by users, according to 23andMe.
An additional 1.4 million of the hacked accounts had limited access to some DNA profile information as part of the “Family Tree” feature, the spokesperson said.
23andMe was founded in 2006 and is based in Mountain View, California, where Google also has its headquarters.
