In the new emails, 23andMe told customers there was a breach of one or more accounts connected to theirs through the DNA Relatives feature. That feature allows users around the world to connect and share their personal data, including relationship labels, ancestry reports and matching DNA segments, location, birth year and family names, among other things
Genetics testing company 23andMe sent emails Tuesday to several customers to inform them of a breach into the DNA Relatives feature that allowed them to compare ancestry information with users worldwide.
After a hacker advertised millions of “pieces of data” stolen from 23andMe on an online forum this month, the company had said it was working with federal law enforcement and forensic experts to investigate it.
In the new emails, 23andMe told customers there was a breach of one or more accounts connected to theirs through the DNA Relatives feature. That feature allows users around the world to connect and share their personal data, including relationship labels, ancestry reports and matching DNA segments, location, birth year and family names, among other things.
23andMe provides DNA testing that helps users learn more about their ancestry. Since news of the hack, many customers have expressed worries their ethnicity and other sensitive information could be used against them if leaked.
Several users on social media Tuesday said they received the email, but it was unclear how many customers had been informed. A 23andMe spokeswoman declined to comment, citing its ongoing probe, and referred to the blog where the company said Oct. 20 that it was temporarily disabling features in DNA Relatives to protect user privacy.
Earlier, the company had said hackers may have used credentials leaked from other websites to breach 23andMe accounts — a technique known as “credential stuffing.” It advised users to change their login information and enable two-factor authentication to prevent compromise.