It’s Not Me, It’s My DNA Cousins – How the 23andMe Data Breach Affects Me

On October 6, 23andMe shared a press release disclosing that the company “recently learned that certain 23andMe customer profile information that they opted into sharing through our DNA Relatives feature was compiled from individual accounts without the account users’ authorization.”

Cool. (I’m being facetious.) I love it when I see posts like that. As soon as I saw this, I logged in to my account and changed my password. But because it was linked through my “DNA Relatives,” that really didn’t do any good. Through further news reports, I learned that this was all caused by some people using the same email and password repeatedly. As I understand it, their info was likely hacked from another site and then used at 23andMe.

So now hackers have access to over one million people’s information, including health. From what I understand, this could put minority groups at risk, as reported in an ABC News article, which stated, “The breach exposed Chinese and Ashkenazi Jewish user info on the dark web.”

On October 24th, I received an email from 23andMe stating that I was one of the people who had their data accessed through “DNA Relatives.” I was advised that because of this, my information, such as when I’d last logged in, my predicted relationship and percentage of shared DNA with my match, my location, my tree, and so much more, could have been accessed. You can find the complete list HERE.

So what to do? Do you take your account down? That feels like closing the barn door after your cows have run away.

Two things that have come out of this are that Ancestry has implemented two-step verification, and Family Tree DNA is no longer accepting uploads from 23andMe (see the article on WikiTree HERE).

So what can you do? First and foremost, you need to turn on two-step verification, not only on Ancestry but on any other site where you put private information that offers it. If a site has a lot of your personal info and has not implemented two-step verification, ask them when they will.

The other thing: if you are one of those people who use the same password repeatedly, you need to change them. I know it’s hard. I used to do this a long, long time ago. But you need to protect your information, and as it turns out here, you’re protecting my information, too.

As for 23andMe, I guess I will just wait and see what happens.


  • Susan House says:

    I also changed my password as soon as I received the first email. MY issue is their 2-factor authentication. They want me to download an app that generates random numbers. I do NOT want to download another app. I emailed and asked why they just couldn’t text or email a random number to me at sign-on, like AOL or some credit cards do. So far, radio silence. Great way to run a company that’s been hacked…..

  • Brenda DeLong says:

    Ancestry dot com has had a two-step process for quite some time now. Thank goodness. But 23andMe has now implemented one, but it is not very user friendly to set up. I received an email as well. But I only had that one password for them, not anywhere else, so I do not know what they are talking about. At any rate, I am not happy with them; they should know better and have had better security on their site.

    • Brenda, I think what it’s about is that you have DNA connections that used passwords at multiple sites and that’s how those hackers had access to you. At least as I understand it.