23andMe Experiences Data Breach Following Credential Stuffing Attack

On October 6, 2023, 23andMe, the prominent consumer genetics and therapeutics company, confirmed a data breach that compromised the sensitive information of its customers. The breach was reported to have resulted from a credential stuffing attack, although 23andMe vehemently denied any hacking of their systems. This incident has raised concerns about the safety of personal information and DNA data in the digital age. In this article, we will delve into the details of the 23andMe data breach and provide guidance on what you can do to protect yourself if you’re affected.

The Breach and Its Origin

The data breach affecting 23andMe users is a concerning development in the realm of cybersecurity. While more information is anticipated, the company acknowledged the incident in a statement. Multiple news outlets further reported that customer profile information on 23andMe.com was accessed without authorization and acquired without the account owners’ consent.

In response, 23andMe promptly launched an investigation into the breach. Although the investigation is still ongoing, a statement released by 23andMe on October 6, 2023, indicates that the company believes the breach resulted from “recycled login credentials.” This essentially means that hackers leveraged login credentials acquired from previous breaches to access 23andMe accounts. Such attacks are referred to as “credential stuffing.”
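For readers who operate a login service, credential stuffing has a recognizable shape in authentication logs: one source tries many different accounts about once each and mostly fails, whereas password guessing hammers a few accounts repeatedly. The following is an added example, not 23andMe's code or data; the log format, addresses, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict
# Constructed sample events in an assumed format: "<time> <source-ip> <user> <OK|FAIL>"
SAMPLE_LOG = """\
10:00:01 203.0.113.7 alice@example.com FAIL
10:00:02 203.0.113.7 bob@example.com FAIL
10:00:03 203.0.113.7 carol@example.com OK
10:00:04 203.0.113.7 dave@example.com FAIL
10:00:05 203.0.113.7 erin@example.com FAIL
10:00:06 203.0.113.7 frank@example.com FAIL
10:01:00 198.51.100.9 grace@example.com FAIL
10:01:01 198.51.100.9 grace@example.com FAIL
10:01:02 198.51.100.9 grace@example.com FAIL
10:01:03 198.51.100.9 grace@example.com FAIL
10:01:04 198.51.100.9 grace@example.com FAIL
10:02:00 192.0.2.44 heidi@example.com FAIL
10:02:09 192.0.2.44 heidi@example.com OK
"""

def parse(log_text):
    """Group login attempts by source IP as (username, succeeded) pairs."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:                       # skip malformed lines
            by_ip[parts[1]].append((parts[2].lower(), parts[3] == "OK"))
    return by_ip

def classify_sources(by_ip, min_attempts=5, min_users=5, min_fail_ratio=0.8):
    """Label each source 'credential_stuffing', 'brute_force' or 'normal'."""
    verdicts = {}
    for ip, events in by_ip.items():
        users = {user for user, _ in events}
        fail_ratio = sum(not ok for _, ok in events) / len(events)
        if len(events) < min_attempts or fail_ratio < min_fail_ratio:
            verdicts[ip] = "normal"
        elif len(users) >= min_users:
            verdicts[ip] = "credential_stuffing"  # many accounts, few tries each
        else:
            verdicts[ip] = "brute_force"          # many tries, few accounts
    return verdicts

def accounts_to_reset(by_ip, verdicts):
    """Accounts that logged in successfully from a credential-stuffing source."""
    return sorted({user for ip, events in by_ip.items()
                   if verdicts[ip] == "credential_stuffing"
                   for user, ok in events if ok})

if __name__ == "__main__":
    print(classify_sources(parse(SAMPLE_LOG)))
```

The successful login buried among the failures is the important signal: that account's reused password worked, so it is the one to lock and force through a password reset.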

It’s essential to understand that the compromised data appears to be limited to the information contained in users’ “DNA Relatives profiles” and affects only customers who opted into this specific service. 23andMe has yet to confirm whether confidential consumer data, such as DNA information, was part of the breach.

Protecting Yourself and Legal Options

If you receive a data breach notification from 23andMe or suspect your account may have been compromised, it’s crucial to take immediate action to protect yourself. Here are some steps to consider:

Change Passwords: If you have been using the same password for multiple online accounts, it’s time to update your passwords. Ensure that your new passwords are unique and complex.

Enable Two-Factor Authentication (2FA): Enable 2FA wherever possible. This adds an extra layer of security to your accounts, making it more challenging for unauthorized users to gain access.

Monitor Your Accounts: Regularly check your bank statements, credit reports, and other financial accounts for any unusual activity. Report any suspicious transactions to your financial institution.

Consult a Data Breach Lawyer: If you believe your information was compromised in the 23andMe breach, consult with a data breach lawyer. They can provide guidance on protecting yourself from fraud and identity theft and discuss potential legal options.


The 23andMe data breach has raised concerns about the security of personal and genetic data. While the investigation is still ongoing, it is vital for affected individuals to take immediate steps to safeguard their accounts and personal information. The breach serves as a stark reminder that online security practices are crucial in an increasingly digital world.

As we await further updates on the incident, it’s essential to stay vigilant and prioritize your online security. Changing passwords, enabling 2FA, and monitoring your financial accounts are prudent measures to protect yourself. Additionally, consulting with a data breach lawyer can provide you with valuable insights and legal recourse if necessary.

In this age of advancing technology, it is incumbent upon individuals and companies alike to remain vigilant in the face of cyber threats.