It’s now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords.
This is a much larger number of accounts than 23andMe previously disclosed in a Securities and Exchange Commission filing, which estimated that 0.1 percent of users—approximately 14,000, TechCrunch estimated—had accounts accessed by hackers using compromised passwords.
After the cyberattack was reported, Wired estimated that “at least a million data points from 23andMe accounts” that were “exclusively about Ashkenazi Jews” and data points from “hundreds of thousands of users of Chinese descent” seemed to be exposed. But beyond those estimates, for two months, all the public knew was that 23andMe’s filing noted that “a significant number of files containing profile information about other users’ ancestry” were also accessed.
Read 9 remaining paragraphs | Comments