The data watchdogs of the UK and Canada will investigate genetic testing company 23andMe over a data breach in October 2023.
Hackers gained access to personal information of 6.9 million people, which in some cases included family trees, birth years and geographic locations, by using customers’ old passwords.
One of the things the joint taskforce will investigate is whether adequate safeguards had been put in place to protect such data. “We intend to cooperate with these regulators’ reasonable requests,” 23andMe said in a statement.
The data stolen in October did not include DNA records.
The company was not hacked itself - but rather criminals logged into about 14,000 individual accounts, or 0.1% of customers, by using email and password details previously exposed in other hacks.
So… it’s a hack, but it’s not been hacked?
Come the fuck on, BBC, you can do better.
From what I’ve heard people got their accounts at random other companies/ services hacked, their emails and passwords were posted/ sold online, and then the hackers bought them and tried entering them into 23andMe which succeeded for a number of users who use the same creds across services. I agree the article could have been clearer, but it does seem like a meaningful distinction to me that 23andMe itself didn’t get hacked
“Genetic testing firm 23andMe investigated over incident where scammers stole 14,000 accounts to get data” seems unnecessary.
I think that “hack” works.
In the same way that “my Instagram account got hacked”