23 And Me Details
23 And Me
South San Francisco, CA • 816 employees • Professional, Scientific, and Technical Services
Industry
Professional, Scientific, and Technical Services
Security Incidents
1
Security Incidents
23 And Me Breach of Oct 2023
Show more
Given the sensitivity of the data involved, the fact that the breach went undetected for nearly five months, and the potentia...
Show more
Although 23andMe's online services remained operational, the incident led to substantial reputational damag...
Show more
Severity Score
High
Type
Credential StuffingSummary
In October 2023, genetic testing company 23andMe experienced a security breach where unauthorized access was gained to the personal data of approximately 7 million customers. The compromised information included the profiles of 5.5 million individuals who used the DNA Relatives feature, exposing names, birth years, relationship labels, shared DNA details, ancestry reports, and self-reported locations. Additionally, 1.4 million people had their Family Tree profile information accessed. The breach was executed through credential-stuffing attacks using passwords stolen from other breaches, allowi...Show more
Severity
The cyber security incident at 23andMe was particularly severe, affecting nearly 7 million users, which represents about half of its customer base. Hackers accessed detailed genetic information, health predisposition reports, and personal data, including names and addresses. The breach was not only extensive but also alarming due to the specific targeting of users of Jewish and Chinese heritage, posing significant risks of discrimination and potential physical threats.Given the sensitivity of the data involved, the fact that the breach went undetected for nearly five months, and the potentia...
Show more
Impact
The 23andMe cyber incident from 2023 resulted in a significant data breach affecting about 7 million users. This breach compromised highly sensitive data like raw genotype information, health predispositions, and carrier-status reports, especially for users who participated in the DNA relatives feature. Disturbingly, some of this compromised data appeared on dark web forums, particularly targeting users of Ashkenazi Jewish and Chinese descent, exacerbating privacy and security concerns.Although 23andMe's online services remained operational, the incident led to substantial reputational damag...
Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos