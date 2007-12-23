from the remember:-they-can't-use-what-they-don't-have dept.
Hackers have been able to gain access to personal information from about 6.9 million users of genetic testing company 23andMe, using customers' old passwords:
In some cases this included family trees, birth years and geographic locations, the company said.
After weeks of speculation the firm has put a number on the breach, with more than half of its customers affected.
The stolen data does not include DNA records.
[...] As was first reported by Tech Crunch, the company has acknowledged that by accessing those accounts, hackers were then able to find their way into "a significant number of files containing profile information about other users' ancestry".
The criminals downloaded not just the data from those accounts but the private information of all other users they had links to across the sprawling family trees on the website.
The stolen data includes information like names, how each person is linked and in some cases birth years, locations, pictures, addresses and the percentage of DNA shared with relatives.
I'm with Bill Burr on this.
See also: 23andMe Says Private User Data is Up for Sale After Being Scraped

Records reportedly belong to millions of users who opted in to a relative-search feature:
Genetic profiling service 23andMe has commenced an investigation after private user data was been scraped off its website
Friday's confirmation comes five days after an unknown entity took to an online crime forum to advertise the sale of private information for millions of 23andMe users. The forum posts claimed that the stolen data included origin estimation, phenotype, health information, photos, and identification data. The posts claimed that 23andMe's CEO was aware the company had been "hacked" two months earlier and never revealed the incident. In a statement emailed after this post went live, a 23andMe representative said "nothing they have posted publicly indicates they actually have any 'health information.' These are all unsubstantiated claims at this point."
23andMe officials on Friday confirmed that private data for some of its users is, in fact, up for sale. The cause of the leak, the officials said, is data scraping, a technique that essentially reassembles large amounts of data by systematically extracting smaller amounts of information available to individual users of a service. Attackers gained unauthorized access to the individual 23andMe accounts, all of which had been configured by the user to opt in to a DNA relative feature that allows them to find potential relatives.
[...] The DNA relative feature allows users who opt in to view basic profile information of others who also allow their profiles to be visible to DNA Relative participants, a spokesperson said. If the DNA of one opting-in user matches another, each gets to access the other's ancestry information.
(Score: 3, Interesting) by Tork on Friday December 08, @12:39AM
So... yeah, they want the profit but not the responsibility... and this is about a fair chunk of the information that we use to things like apply for credit cards.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by istartedi on Friday December 08, @12:58AM
Just oh-so shocked that people gave their data to a Si-Valley company where they "move fast and break things" and this happened. Sure they are always looking for ways to monetize data, break the law without actually facing the consequences, and turn a fast buck but they're such good people and I think they all use Apple computers so what could possibly go wrong? How could this happen?
/sarcasm.
