23andMe Urges Users to Reset Passwords Following Potential Data Breach

The genetic testing company 23andMe is requiring all users to reset their passwords as a precautionary measure after hackers accessed certain accounts. Although 23andMe did not classify the incident as a data breach, the company confirmed that hackers obtained data from some users who used non-unique passwords. This tactic, known as credential stuffing, involves using passwords from previous data breaches to gain unauthorized access to accounts.

The announcement from 23andMe came shortly after hackers advertised the alleged user data on a hacking forum, offering to sell individual profiles. The exposed sample reportedly consisted of the personal information of one million users of Jewish Ashkenazi descent, with another hacker claiming to have data for 100,000 Chinese users.

According to 23andMe, the compromised data was collected from users who had opted in to the DNA Relatives feature, which allows for the automatic sharing of data with others. This means that hackers could potentially access multiple users' data by breaching a single account that had the feature enabled.

A longstanding beta tester of 23andMe expressed disappointment about the incident, emphasizing the amount of personal information the company possesses. While the individual acknowledged the product as impressive, they viewed the breach as a troubling occurrence.

At the time of writing, it remains uncertain whether all users have received a password reset email. 23andMe did not address inquiries about verifying the authenticity of the leaked data, revoking session tokens, or implementing changes to its password policy. Cybersecurity experts noted that the company could have responded more promptly: the data surfaced on Wednesday, but password reset requests were only initiated five days later.