23andMe profile information of some customers surfaces on dark web

Bad actors reportedly offered compilations of the 23andMe data for a price

Profile information of some 23andMe customers reportedly recently started appearing on a dark web forum often used by hackers.

That happened last week, with bad actors offering compilations of the information for a price, according to NBC News and other outlets. Names, birth years, genders, ancestry and certain other non-DNA profile information were reportedly among the details that got published.

In a Friday blog post, 23andMe said the bad actor may have "accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into that service."

23andMe logo

23andMe said it has urged multifactor authentication among its users for years. (Pavlo Gonchar/SOPA Images/LightRocket via Getty Images / Getty Images)

The bad actor did so "in instances where users recycled login credentials — that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The cybersecurity industry commonly refers to that tactic as credential stuffing.

One tranche of 23andMe profile information consisted of people that the poster said had Ashkenazi Jewish ancestry, according to NBC News. That list reportedly had about 1 million data entries. 

Ticker Security Last Change Change %
ME 23ANDME HOLDING CO 3.15 -0.28 -8.16%

"23andMe is committed to providing you with a safe and secure place where you can learn about your DNA knowing your privacy is protected," 23andMe also said in the blog post. "We do not have any indication at this time that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks."

IDAHO MURDER SUSPECT NABBED BY GENETIC GENEALOGY; SOME SITES WORK WITH LAW ENFORCEMENT

The California-based company, founded in 2006, said it conducts routine monitoring and auditing of its systems "to ensure that your data is protected." It said it has urged multifactor authentication among its users for years, a method it reiterated Friday that customers should take advantage of. 

23andMe’s overall customer base amounts to over 14 million, according to its website.

23andMe sign

California-based company 23andMe was founded in 2006. (Smith Collection/Gado/Getty Images / Getty Images)

The optional DNA Relatives feature lets users "find and connect with genetic relatives who are also 23andMe users participating in this feature," 23andMe explained on its website. When those using the feature have matched, they can see the display names, sex, profile pictures, predicted relationship and certain other information about each other. 

CLICK HERE TO READ MORE ON FOX BUSINESS

The value of 23andMe on a market capitalization basis hovered around $382.42 million as of Monday afternoon, with its shares experiencing a roughly 5% decline.

23andMe Holding Co