DNA Test Company 23andMe Customers' Data Leaked on Dark Web by Credential Stuffing Attack

Profile information of some 23andMe customers was posted on a dark web forum by bad actors looking to sell the data. The leaked info included names, birth years, genders, ancestry details.

23andMe believes the data was obtained by reusing credentials from other breached sites, not from a breach of 23andMe's systems directly.

The leaked data reportedly included info on around 1 million customers with Ashkenazi Jewish ancestry.

23andMe has urged customers to enable multifactor authentication for years to prevent credential stuffing attacks.

The optional DNA Relatives feature lets 23andMe users find and connect with genetic relatives also on the platform, sharing some profile details.