A significant security breach has impacted 23andMe, a genetic testing firm, with nearly seven million customer profiles compromised by hackers. The exposed data includes personal information such as ancestry reports, zip codes, and birth years. The company initially reported that approximately 14,000 accounts were breached, but it has now confirmed that around 5.5 million profiles using the DNA Relatives feature were accessed, along with family tree information on 1.4 million DNA Relatives profiles.

Engadget, a tech news outlet, first reported the extent of the hack, which highlights yet another major breach affecting a significant number of individuals. This incident follows a similar pattern where initial reports underestimate the scale of the attack. Okta, an identity management firm, recently faced a similar situation where all users in their customer support system had their data stolen, despite earlier reports suggesting only a small fraction were affected.

The hackers used a technique known as credential stuffing, where they exploited reused usernames and passwords from other websites to gain access to 23andMe customer accounts. This rudimentary method was surprisingly effective in compromising a large number of profiles. The company has not disclosed the identity of the hackers involved.

In response to the breach, 23andMe has conducted an extensive investigation with the assistance of third-party forensic experts. As part of their efforts to protect customer data, they are notifying affected users and implementing additional security measures. These measures include requiring all existing customers to reset their passwords and enforcing two-step verification for both new and existing customers.

This breach underscores the importance of strong cybersecurity practices and the need for individuals to use unique and robust passwords across different online platforms. Companies must also remain vigilant to ensure the security of their users’ sensitive information, implementing comprehensive security protocols to mitigate the risk of such breaches occurring in the future.