At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

Summary:

Genetic data from 23andMe users was stolen in a targeted attack. Hackers accessed user accounts by guessing passwords and then scraped profile information from relatives sharing features. They posted a sample claiming to contain 1 million Ashkenazi Jewish users and hundreds of thousands of Chinese users. The hackers are selling access to the profiles for $1-10 each.

23andMe says the leaked information is consistent with the attackers’ claimed methods, but the company is still working to confirm whether the leak is real. The full picture of why the data was stolen, how much more the attackers have, and whether it is focused entirely on Ashkenazim is still unclear.

Brett Callow, a field expert, says this incident highlights the privacy and security risks of DNA databases that store and share sensitive genetic information.