Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

23andMe Breach Includes Info that Could Put Anyone at Risk

by Elizabeth Harper on December 13, 2023

Earlier this fall, DNA testing company 23andMe reported a data breach affecting 14,000 accounts – but now it turns out that hackers had access to profiles and family trees of 6.9 million accounts. It's the family tree information that makes this breach dangerous not only for 23andMe customers but also for anyone else. That’s because it may expose one vital piece of personal information: your mother’s maiden name. This information answers a very common account-recovery security question. If hackers combine that with previously compromised passwords, it could help them gain access to other accounts.

Photo concept showing a hacker stealing genetic information.

23andMe’s “DNA Relatives” feature lets users automatically share family tree information, potentially including your name, date of birth, and location, as well as family member names, dates of birth, and locations. That means that you could appear on a family tree even if you don't have an account, and hackers could have collected a great deal of your personal information.

How to protect yourself after the 23andMe data breach

By now, you can assume that your mother’s maiden name (and any other security questions related to family members) isn’t secret information: hackers are already auctioning off data from 23andMe family trees. Check the security questions tied to your accounts and update them if necessary, picking security questions that can’t be answered easily. If you don’t have any good options (or even if you do), we recommend lying about your answers to security questions and recording this information in your password manager.

How to protect yourself from future breaches

Hackers got the 23andMe database through a process called “credential stuffing,” in which they enter previously compromised email and password combinations to get into users’ accounts. Because many of us reuse passwords between sites – something we shouldn’t do precisely because of attacks like this – hackers were able to get in.

Credential stuffing attacks like this one are precisely why you should use unique passwords for all your accounts so that one account being compromised doesn’t potentially compromise your other accounts. If you have any other services using duplicate passwords, change them to a strong, unique password and use a password manager to keep track.

If an account supports it, you should enable two-factor authentication. Even after changing passwords, this is an important step to prevent such attacks from gaining access to your accounts in the future.

Data breaches have become commonplace, and you should assume that your frequently used passwords have been compromised by hackers, who could use this information to get into your other accounts.

[Image credit: Hacker concept via BigStockPhoto]

Elizabeth Harper is a writer and editor with more than a decade of experience covering consumer technology and entertainment. In addition to writing for Techlicious, she's Editorial Director of Blizzard Watch and is published on sites all over the web including Time, CBS, Engadget, The Daily Dot and DealNews.


Topics

News, Health and Home, Health & Fitness, Computer Safety & Support, Blog, Privacy


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.