Image: Getty
23andMe confirmed that a recent breach leaked data belonging to 6.9 million users. In an emailed statement to The Verge, company spokesperson Andy Kill says the breach affected around 5.5 million users who had DNA Relatives enabled, a feature that matches users with similar genetic makeups, while an additional 1.4 million people had their family tree profiles accessed.
In a filing with the Securities and Exchange Commission (SEC) and update to its blog post late on December 1st, 23andMe said a threat actor using a credential stuffing attack — logging in with account info obtained in other security breaches, usually due to password reuse — directly accessed 0.1 percent of user accounts, making up around 14,000 users. With access to those…