In an emailed statement to The Verge, company spokesperson Andy Kill says the breach affected around 5.5 million users who had DNA Relatives enabled, a feature that matches users with similar genetic makeups, while an additional 1.4 million people had their family tree profiles accessed.
In a filing with the Securities and Exchange Commission (SEC) and update to its blog post...23andMe said a threat actor using a credential stuffing attack - logging in with account info obtained in other security breaches, usually due to password reuse - directly accessed 0.1 percent of user accounts, making up around 14,000 users. With access to those accounts, the attackers used the DNA Relatives feature, which matches people with other members they may share ancestry with, to access the additional information from millions of other profiles.
[
add
]
[
|
|
...
]