On October 6, 23andMe shared a press release disclosing that the company “recently learned that certain 23andMe customer profile information that they opted into sharing through our DNA Relatives feature was compiled from individual 23andMe.com accounts without the account users’ authorization.”
Cool. (I’m being facetious.) I love it when I see posts like that. As soon as I saw this, I logged in to my account and changed my password. But because it was linked through my “DNA Relatives,” that really didn’t do any good. Through further news reports, I learned that this was all caused by some people using the same email and password repeatedly. As I understand it, their info was likely hacked from another site and then used at 23andMe.
So now hackers have access to over one million people’s information, including health. From what I understand, this could put minority groups at risk, as reported in an ABC News article, which stated, “The breach exposed Chinese and Ashkenazi Jewish user info on the dark web.”
On October 24th, I received an email from 23andMe stating that I was one of the people who had their data accessed through “DNA Relatives.” I was advised that because of this, my information, such as when I’d last logged in, my predicted relationship and percentage of shared DNA with my match, my location, my tree, and so much more, could have been accessed. You can find the complete list HERE.
So what to do? Do you take your account down? That feels like closing the barn door after your cows have run away.
Two things that have come out of this are that Ancestry has implemented two-step verification, and Family Tree DNA is no longer accepting uploads from 23andMe (see the article on WikiTree HERE).
So what can you do? First and foremost, you need to turn on two-step verification on not only Ancestry, but any other site you put private information on that offers it. If a site has a lot of your personal info and has not implemented two-step verification, ask them when they will.
The other thing you need to do, if you are one of those people who use the same password repeatedly, is change those passwords. I know it’s hard. I used to do this a long, long time ago. But you need to protect your information, and as it turns out here, you’re protecting my information, too.
As for 23andMe, I guess I will just wait and see what happens.