Personal genetics firm 23andMe has confirmed that hackers using stolen passwords accessed the personal information of about 6.9m of its members.
While the hackers were only able to get into about 14,000 accounts, or 0.1% of its customers, they were able to see information shared by genetically linked relatives at 23andMe, a spokesperson said in reply to an AFP inquiry.
23andMe is in the process of notifying affected customers.
It said it had hardened account security by requiring users to reset passwords and set up a second authentication method, such as sending a temporary code to a mobile phone, according to the spokesperson.
23andMe is a saliva-based DNA service that allows users to find relatives around the world.
In early October, 23andMe detected that data thieves had got into accounts safeguarded by login details recycled from other websites that had been compromised, the company said.
"We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks," the spokesperson said.
Of the 6.9m accounts hacked, 5.5m contained information on genetic matches and may have also included birth dates and locations if provided by users, according to 23andMe.
An additional 1.4m of the hacked accounts had limited access to some DNA profile information as part of the "Family Tree" feature, the spokesperson said.
23andMe was founded in 2006 and is based in Mountain View, California, where Google also has its headquarters.
Read more
What are the risks of taking an online DNA test?
What exactly are you giving away when you hand over your DNA?
