Skip to main content
  1. Home
  2. Computing
  3. News

The 23andMe data breach just keeps getting scarier

Add as a preferred source on Google
A 23andMe kit
23andMe

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users’ full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Recommended Videos

Reports indicate that this data has already gone up for sale on the black market, with several ethnic groups already being targeted, and bad actors selling a single person’s information for $1 to $10 in a data set. Meanwhile, the ancestry tracking website appears to be covering its tracks, having quickly sent out terms of service updates to users, which detailed that any legal complaints about this matter must be resolved outside of court. This would bar users from attempting a class action lawsuit as a primary action unless they opt out of a private resolution.

If users want to file a class action lawsuit, they must collectively opt out of a private dispute and can do so by emailing arbitrationoptout@23andme.com within 30 days of the update, which is December 30. This information is detailed at the end of the fifth section of the 23andMe terms of service update, Gizmodo noted.

In a statement about the matter, 23andMe attempted to shift responsibility even further, detailing in a statement that the breach occurred due to members reusing passwords from other accounts. This common cyberattack, known as credential stuffing, allowed hackers to collect already leaked passwords to access the initial 14,000 accounts. From there, they were able to span through more of the company’s database to steal information, according to a spokesperson.

Currently, the early implications of the breach are not known but are sure to become apparent over time. Experts have detailed that even when the collection of consumer data online is legal, there is the potential for implicit bias that can affect hiring decisions, apartment selection, credit applications, and insurance premiums. In illegal instances, identity theft can occur.

Notably, Meta (formerly Facebook) settled a $725 million class-action lawsuit in April, which detailed that the social media platform left users’ and their friends’ data exposed to third parties for profit. The suit added that Facebook had no rules or privacy protection in place for how third parties should interact with its user’s data.

The 23andMe breach similarly has the potential to have genetic data in the wrong hands be used to make deductions about individuals based on health information, such as a diagnosis or medical family history, Electronic Privacy Information Center law fellow, Suzanne Bernstein told the publication.

While the company’s users didn’t have strong password hygiene, other experts note that such a niche organization as 23andMe should realize its position from a cybersecurity standpoint. Hosting such sensitive data makes the company a prime target for cyberattacks and in need of backup login requirements, such as two-factor authentication (2FA).

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more