On October 6, 2023, a hacker posted a sample of data stolen from 23andMe, a popular genetic testing company, on a dark web forum called BreachForums. The hacker claimed to have access to 13 million pieces of data, mostly from users of Ashkenazi Jewish and Chinese descent, who had opted in to a feature called DNA Relatives. The hacker offered to sell the data for between $1 and $10 per account, depending on the quantity. The data included personal information such as names, birth years, locations, and ancestry results, but not raw genetic data

The hacker also claimed to have data from celebrities, such as Mark Zuckerberg, Elon Musk, and Sergey Brin, and alleged that 23andMe’s CEO was aware of the breach two months earlier but did not disclose it. However, these claims have not been verified by 23andMe or any independent sources

23andMe confirmed that some of its users’ data was compromised, but denied that its systems were breached. The company said that the hacker obtained the data by guessing the login credentials of some users and then scraping more data from the DNA Relatives feature, which allows users to find and connect with potential relatives based on their genetic matches. The company said that it was investigating the incident and taking steps to protect its users’ privacy and security

The DNA Relatives feature is optional and requires users to consent to share their information with other users who are also enrolled in the feature. Users can adjust their privacy settings to limit what information they share and with whom. Users can also opt out of the feature at any time

The data leak raises serious concerns about the privacy and security of genetic data, which can reveal sensitive information about one’s health, ancestry, family relationships, and identity. Genetic data can also be used for malicious purposes, such as discrimination, extortion, identity theft, or targeted attacks

To protect yourself from such risks, here are some cybersecurity best practices that you should follow: