Privacy regulators in Canada and the United Kingdom have initiated a collaborative inquiry into the genetic testing firm 23andMe in response to a major data breach, marking a significant step toward addressing the issue.
The sensitive personal information of almost 7 million users was compromised in a breach last year, leading to significant worries about data security and privacy.
The breach, which took place between April and September 2023, involved attackers using a credential-stuffing attack to gain access to approximately 14,000 user accounts.
Credential-stuffing is a technique where attackers use credentials obtained from other data breaches to access accounts on different platforms.
Once inside these accounts, the attackers were able to scrape data on millions of other individuals due to an opt-in feature called DNA Relatives, which allows users to share data with others to discover distant relatives.
This led to the exposure of data for 6.9 million users, including names, birth years, relationship labels, DNA percentage shares with relatives, ancestry reports, and…
