23andMe Data Breach: Personal Data of 6.9 Million Users Compromised

23andMe is currently facing multiple class-action lawsuits and inquiries from governmental officials and agencies.
Personal data of approximately 6.9 million 23andMe users was compromised.
The hacker gained access to user profiles using previously leaked passwords and posted them for sale online.
The stolen data primarily included users' ancestry information, with conflicting reports on the inclusion of health-related information.

In a significant breach of data privacy, genetic testing company 23andMe has confirmed that personal data of approximately 6.9 million users was compromised. The breach was orchestrated by an anonymous hacker who gained access to user profiles and subsequently posted them for sale online.

The compromised data primarily included users' ancestry information. However, there is a discrepancy among sources regarding the inclusion of health-related information based on genetic profiles in the stolen data. While some reports suggest that such sensitive health data was compromised, others contradict this claim.

The breach was executed by exploiting previously leaked passwords, allowing the hacker to access individual accounts. The stolen data includes family trees, birth years, and geographic locations. The hacker was also able to access profile information about other users' ancestry and downloaded private information from all other users they had links to across the website's family trees.

In addition to the immediate implications of the breach, 23andMe is currently facing multiple class-action lawsuits and inquiries from governmental officials and agencies. The exposure of health information, if confirmed, could raise significant concerns as health protections typically only apply to healthcare providers. Furthermore, the Genetic Information Nondiscrimination Act (GINA) has loopholes that allow life and disability insurers to deny policies based on genetic information.

As of now, there is no evidence that the stolen data has been used by criminals. However, the incident marks the first major breach of a DNA testing company where health information was potentially publicly disclosed, highlighting the vulnerability of sharing DNA with testing companies.


Confidence

85%

Doubts
  • There is a discrepancy among sources regarding the inclusion of health-related information in the stolen data.

Sources

90%

  • Unique Points
    • The stolen data includes family trees, birth years, and geographic locations, but does not include DNA records.
    • The hackers were able to access profile information about other users' ancestry and downloaded private information from all other users they had links to across the website's family trees.
    • There is currently no evidence that the stolen data has been used by criminals.
  • Accuracy
    • The BBC article states that the stolen data does not include DNA records, which contradicts the Bloomberg and Fortune articles that mention health-related information based on genetic profiles was compromised.
  • Deception (100%)
    • The article is straightforward and factual, with no apparent deception.
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

91%

  • Unique Points
    • 23andMe is currently facing multiple class-action lawsuits and inquiries from governmental officials and agencies.
  • Accuracy
    • The Arstechnica article does not mention the compromise of health-related information, which is contradicted by the Bloomberg and Fortune articles.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

90%

  • Unique Points
    • The hackers published samples of the stolen data, including information about users with Ashkenazi Jewish and Chinese heritage.
    • The company did not disclose the total number of affected users in its initial disclosure.
  • Accuracy
    • The Axios article mentions that DNA data was compromised, which contradicts the BBC article that states DNA records were not included in the stolen data.
  • Deception (100%)
    • The article is straightforward and factual, with no apparent deception.
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

92%

  • Unique Points
    • The hacker gained access to user profiles and posted them for sale online.
  • Accuracy
    • The Bloomberg article mentions that health-related information was compromised, which contradicts the BBC and Arstechnica articles that do not mention the compromise of health-related information.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

90%

  • Unique Points
    • The exposure of health information raises concerns as health protections only apply to healthcare providers.
    • The Genetic Information Nondiscrimination Act (GINA) has loopholes that allow life and disability insurers to deny policies based on genetic information.
    • This is the first major breach of a DNA testing company where health information was publicly disclosed.
  • Accuracy
    • The Fortune article mentions that health-related information was compromised, which contradicts the BBC and Arstechnica articles that do not mention the compromise of health-related information.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication