23andMe has revealed that hackers accessed data from approximately 6.9 million users, a higher number than initially disclosed.
According to TechCrunch, the company found a data breach impacting 6.9 million users who identified as having Ashkenazi Jewish ancestry during an investigation launched in October.
Hackers accessed certain 23andMe customer accounts through reused passwords, exploiting features that provide significant user information.
A spokesperson for the company said that hackers employed credential stuffing to initially access approximately 0.1% of 23andMe accounts.
Subsequently, they targeted users in the DNA Relatives program, which eased privacy restrictions.
According to reports, DNA Relatives permit distantly related users to access extensive information about each other, including ancestry, DNA details, ZIP code, birth year, and family member names.
By employing these methods, hackers gained access to profile information for around 6.9 million users in the DNA Relatives program, constituting almost half of the approximately 14 million participants.
According to a Securities and Exchange Commission filing, 23andMe anticipates minimal financial impact, projecting only $1-$2 million in one-time expenses related to the incident. Despite the large number of users affected, only 14,000 accounts were compromised, according to reports.