【】

23andMe has finally confirmed the extent of its recent data breach, and it's not good news.

A total of 6.9 million users of the genetic testing site have been affected, TechCrunch reported on Monday. 23andMe explained that although only 0.1 percent of its customers (14,000 users) had their information accessed by hackers initially, this then allowed the same group to access the profile information of millions of other users via the service's DNA Relatives feature. Those who opted in to this feature gave the site permission to automatically share some of their data with other users.

SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy

To break it down, 5.5 million users had information stolen that included their name, birth year, relationship, ancestry reports, self-reported location, and the DNA percentage shared with family. A further 1.4 million users had information related to their Family Tree stolen. This also includes names, birth years, relationships, and self-reported location.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Given that 23andMe has over 14 million customers, per its 2023 financial results report, it appears that almost half their user base has been affected by this hack.

23andMe first confirmed that data had been stolen back in October. Later in the month, when a hacker appeared to offer up data for sale on 4 million users, the company said it was "reviewing the data" to determine legitimacy.

---

Related Stories

---

• 23andMe confirms stolen user data
• 23andMe may have suffered yet another breach – your data is in jeopardy
• 'Gay furry hackers' breach nuclear lab, demand it create catgirls
• FBI warns of Phantom Hackers stealing millions
• Discord.io suffers massive data breach, announces closure

In its latest update on the hack, 23andMe said it's in the process of notifying affected customers.

"We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers," reads the company's blog post. "The company will continue to invest in protecting our systems and data."

TopicsCybersecurity