[Nancy]

Quote:

Originally Posted by BlackArcher101

That article is behind a paywall and I can't read it, but isn't the "hack" someone that used peoples stolen email addresses and passwords to log in to their 23andme account? Basically they used the same login/pass combo as was stolen elsewhere and tried it? I don't think there was an actual breach of login info or data.

Coles notes, don't use the same password's over and over again.

This is what they have posted on their portal:

Addressing Data Security Concerns
October 6, 2023


We recently learned that certain 23andMe customer profile information that they opted into sharing through our DNA Relatives feature, was compiled from individual 23andMe.com accounts without the account users’ authorization.

After learning of suspicious activity, we immediately began an investigation. While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.

We believe that the threat actor may have then, in violation of our Terms of Service, accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service.