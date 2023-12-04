***Watch previous coverage above.***

(WJW) – The company behind a popular DNA testing website, 23andMe.com, is revealing more details about a data breach that impacted millions of users earlier this year.

The company has been investigating the breach with help from third-party forensic experts and federal law enforcement.

Based on their investigation, a hacker was able to access about 14,000 accounts, making up roughly 0.1% of accounts on the website.

According to a spokesperson from 23andMe, those accounts had usernames and passwords that were “the same as those used on other websites that had been previously compromised or were otherwise available.”

Through those accounts, the hacker had access to files from about 5.5 million DNA Relatives profiles. The hacker also had access to 1.4 million users’ Family Tree profile information.

“We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks,” the spokesperson said..

So, what data was accessed?

DNA Relatives profiles include a display name, relationship labels and predicted relationship and percentage DNA that’s shared with matches. They also could include information in the “introduce yourself” section of user profiles, like ancestry reports, self-reported location, family names and ancestor birth locations.

Family Tree profiles include a display name and relationship labels. They also could include birth year and self-reported location, if users decided to share that information.

23andMe required customers to reset their passwords and set up multi-factor authentication to protect their data.

The company said in a blog post that, if they discovered a customer’s data was accessed, they would notify them directly.

“The company will continue to invest in protecting our systems and data,” the spokesperson said.

