23andMe says that hackers were able to access a “significant number of files associated with user’s ancestry in its recent data breach.
In published Friday the site says that hackers accessed around 14,000 customer accounts, accounting for .1% of its total customer base, .
23andMe initially . At the time, a user in a hacker forum allegedly published records for 4 million 23andMe users, and a separate user in the same forum claimed to have stolen data from 7 million users on the site.
The accounts were accessed through a technique called “credential stuffing.” Essentially cybercriminals get a list of email addresses and passwords from a different website's breach and then attempt to use them on the site — Reminder: to avoid finding yourself in a similar situation.
Beyond the initially hacked accounts, 23andMe’s hack also impacted users who used the company’s DNA Relatives feature. Users that have opted into the feature allow some of their personal information to be shared with others that they’re connected to. In this case, if one of your relatives was a victim of the hack, the hacker could potentially see your information as well, presuming you opted into the feature.