Genetic testing company 23andMe concluded an investigation into an October hack on Tuesday, confirming that cybercriminals gained access to the data of 6.9M people.
The company said hackers accessed the accounts of 0.1% of customers, or around 14K. But by accessing that data, the hackers were able to gain access to "a significant number of files containing profile information about other users’ ancestry."
While it’s unfortunate that this user data was accessed, the company isn’t totally at fault. Users must learn to create stronger, unique passwords for all sites they use. And 23andMe will now require two-factor authentication to prevent future illegal access by bad actors.
Nothing is 100% safe on the internet, even when a company like 23andMe takes the necessary steps to prevent breaches. Cybercriminals are able to access data from other hacks and then use it to access other sites. That’s why it’s important to consider whether it’s worth trusting a private company with something as valuable as your DNA.