23andMe: Hackers accessed data of 6.9 million users. How did it happen?

Ancestry and genetics company 23andMe confirmed Monday that "threat actors" used about 14,000 accounts to access the ancestry data of 6.9 million people, as first reported by TechCrunch.

The hackers were able to access the accounts by using usernames and passwords from other compromised websites that were the same on 23andMe, according to the company.

"We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks," a company spokesperson said in an email.

The accounts accessed make up approximately .1% of the company's user base, according to a Friday filing with the Securities and Exchange Commission.

The company said that 5.5 million users who opted in to 23andMe's Relatives feature, which links people with common DNA. Another 1.4 million users had their family tree information accessed.

23andMe comes in a standard small box.
23andMe comes in a standard small box.

Hacked data includes personal and DNA information

The company originally disclosed the incident in October in a blog post that did not mention the scope of the compromised data, though they said they had launched an investigation.

The accessed data includes personal and family information and may include the following, according to the company:

DNA relatives' profile information

  • display name

  • how recently they logged into their account

  • their relationship labels

  • their predicted relationship and percentage DNA shared with their DNA Relatives matches

  • their ancestry reports and matching DNA segments, specifically where on their chromosomes they and their relative had matching DNA

  • self-reported location (city/zip code)

  • ancestor birth locations and family names

  • profile picture, birth year

  • a weblink to a family tree they created, and anything else they may have included in the “Introduce yourself” section of the profile

Family tree information

  • display name

  • relationship labels

  • birth year

  • self-reported location (city/zip code)

How to create a strong password

To help prevent similar incidents from compromising consumer information, strong and varied password protection is recommended.

Passwords don’t need to be an overcomplicated string of numbers, letters and symbols that are impossible to memorize.

When creating a strong password, think of a phrase or a string of words that will be easy to remember. For example: Flowersgrowoutside

Then, add in some numbers and special characters.

A password like Flow3rsgrow0uts!de% is trickier for a hacker, human or bot, to crack and gain access to your valuable information.

If you don't want to memorize a plethora of passwords, one can use a digital password manager.

Contributing: Cody Goodwin

This article originally appeared on USA TODAY: 23andMe: Hackers accessed data of 6.9 million users