“Get a cool 23andMe test”, they said…it will be FUN!“, they said. One of the founders of the test was married to the founder of Google. Nothing to see here. ~ TPT Staff
‘I am deeply concerned this data could be purchased by nefarious actors who seek to harm’
By 
Kate McKinnon appearing in a ‘Saturday Night Live’ Christmas commercial skit on Dec. 11, 2021.
(TIMES OF ISRAEL) — DNA testing company 23andMe is being accused of failing to notify users with Ashkenazi Jewish and Chinese heritage that they were specifically targeted in a data breach last year and that their information was collated into lists that were sold on the dark web, according to a new lawsuit.
In an October 6 blog post on its website, the company initially disclosed the data breach, which had been going on undetected between May and September of 2023. The post accuses customers of being the source of the issue, saying that the hackers gained access to information by targeting users who recycled the same username and password across multiple websites.
In an update to the blog a few days later, 23andMe said it was investigating the breach with the help of “third-party forensic experts” and federal law enforcement officials.
The investigation was completed in December, and an update to the blog concluded that the hackers had gained access to roughly 14,000 accounts whose users utilized recycled passwords. Through the breached accounts, further information was collected via 23andMe’s Family Tree feature and the DNA Relatives feature in which people can choose to share data with potential genetic relatives. In both cases, other people’s names, locations, and birthdays are available to the users.
According to 23andMe, the hackers gained information on a total of 6.9 million of the website’s accounts, which is almost half of all the company’s customers.
While the company released this information in December and said it had notified the specific users who were affected by the breach, it did not mention at any point that the hackers had seemingly specifically targeted people with Chinese or Ashkenazi Jewish heritage.
A sample for a DNA test. (Utah 778 via iStock)
Meanwhile, on the same day that 23andMe initially announced the breach in its blog, Wired reported that data, including full names and home addresses, on one million people with alleged Jewish ancestry had been posted on hacking sharing platform Breach Forums a few days earlier. The hackers later revealed information on 100,000 people with Chinese ancestry as well.
The report added that the hackers were selling information on specific accounts for between $1 and $10.
23andMe headquarters in Silicon Valley, Sunnyvale, California, July 26, 2020. (Michael Vi/Shutterstock.com)
DNA testing company 23andMe is being accused of failing to notify users with Ashkenazi Jewish and Chinese heritage that they were specifically targeted in a data breach last year and that their information was collated into lists that were sold on the dark web, according to a new lawsuit.
In an October 6 blog post on its website, the company initially disclosed the data breach, which had been going on undetected between May and September of 2023. The post accuses customers of being the source of the issue, saying that the hackers gained access to information by targeting users who recycled the same username and password across multiple websites.
In an update to the blog a few days later, 23andMe said it was investigating the breach with the help of “third-party forensic experts” and federal law enforcement officials.1/2
The investigation was completed in December, and an update to the blog concluded that the hackers had gained access to roughly 14,000 accounts whose users utilized recycled passwords. Through the breached accounts, further information was collected via 23andMe’s Family Tree feature and the DNA Relatives feature in which people can choose to share data with potential genetic relatives. In both cases, other people’s names, locations, and birthdays are available to the users.
According to 23andMe, the hackers gained information on a total of 6.9 million of the website’s accounts, which is almost half of all the company’s customers.
Get The Times of Israel’s Daily Editionby email and never miss our top storiesNewsletter email addressGET IT
By signing up, you agree to the terms
While the company released this information in December and said it had notified the specific users who were affected by the breach, it did not mention at any point that the hackers had seemingly specifically targeted people with Chinese or Ashkenazi Jewish heritage.
A sample for a DNA test. (Utah 778 via iStock)
Meanwhile, on the same day that 23andMe initially announced the breach in its blog, Wired reported that data, including full names and home addresses, on one million people with alleged Jewish ancestry had been posted on hacking sharing platform Breach Forums a few days earlier. The hackers later revealed information on 100,000 people with Chinese ancestry as well.
The report added that the hackers were selling information on specific accounts for between $1 and $10.
Last week, Tech Crunch shared the letter that 23andMe had sent out to users whose data was stolen. The company explained that it had only become aware of the breach after someone posted a sample of the stolen information on the unofficial 23andMe subreddit and claimed to have more.
While the letter also mentioned that some users’ information was posted on the Breach Forum, it still did not inform affected users that the information being shared on the dark web was primarily of Ashkenazi Jews.
A day after the data breach was first shared, Hamas launched an unprecedented attack on Israel on October 7, killing some 1,200 people, mostly civilians, in the South and kidnapping 253. Israel immediately declared war on Hamas in response.
Following the attack and the beginning of the war, rates of antisemitism spiked worldwide with Jews being targeted by verbal and physical abuse in many countries, including in the US, where 23andMe is based.
One of the victims in the data breach, and a plaintiff in the lawsuit, J.L. from Florida, told The New York Times that he had discovered he had Ashkenazi Jewish heritage when he did 23andMe’s DNA test last year.
He added that with surging antisemitism, he feared the information gained by the hackers would be used against him and his family.