23andMe 2023 Data Breach: Genetic and Ancestry Data of 6.9 Million Users
Credential stuffing compromised 14,000 accounts but the DNA Relatives feature amplified the breach to 6.9 million users whose genetic data was exposed.
Data Types Exposed
Response Timeline
April-September 2023: Credential stuffing attacks
October 2023: Leaked data appears on hacking forums
December 2023: 6.9 million users affected confirmed
September 2024: $30 million settlement
Detailed Analysis
The 23andMe breach is uniquely concerning because genetic data cannot be changed like a password. Attackers used credential stuffing to access 14,000 accounts, then scraped 6.9 million connected DNA Relatives profiles. The leaked data specifically targeted Ashkenazi Jewish and Chinese users.
The breach at 23andMe exposed 6.9 million records. Attackers used credential stuffing with leaked passwords, and the DNA Relatives feature amplified the scope: 14,000 accounts were directly compromised, while 6.9 million users were exposed through DNA Relatives. The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.
Current status: $30 million settlement; company nearing bankruptcy; genetic data custody concerns. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a data subject access request (DSAR) with 23andMe can help you understand what data was exposed and request its deletion.
What To Do If Affected
- Change your password immediately on this service and any accounts using the same password
- Enable two-factor authentication on all critical accounts
- Monitor your credit reports for unauthorized activity
- Consider placing a credit freeze with major bureaus
- File a complaint with your local data protection authority
Frequently Asked Questions
How many records were affected in the 23andMe breach?
The 23andMe data breach affected 6.9 million records. Data types exposed include: genetic ancestry data, DNA Relatives profile information, display names, relationship labels, birth years, ancestry reports.
What should I do if I was affected by the 23andMe breach?
If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to 23andMe requesting deletion of your data.
Is there compensation for 23andMe breach victims?
Current status: $30 million settlement; company nearing bankruptcy; genetic data custody concerns. Check if a class action settlement exists and whether you are eligible to file a claim.