October 20, 2023

23andMe is investigating reports of a new data leak involving millions of user records.

TechCrunch previously reported that a hacker claims to have leaked 4 million genetic profiles belonging to people in Great Britain, along with “the wealthiest people living in the U.S. and Western Europe.”

The hacker, who goes by “Golem,” is the same one that stole 1 million lines of genetic data from 23andMe earlier this month. Golem posted this latest round of data on the hacking site BreachForums.

Katie Watson, the vice president of communications at 23andMe, said the company was “made aware” that the same hacker claims to have leaked another trove of what they claim is customer information. “We are currently reviewing the data to determine if it is legitimate,” Watson says. “Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.”

In a blog post published on October 6th, 23andMe confirmed that the data included in the previous leak was legitimate and affected the platform’s DNA Relatives feature, which lets users match with other potential genetic relatives on 23andMe.

At the time, 23andMe said it found no sign of a security incident within its systems, adding that the hacker was able to access users’ accounts using “recycled” login credentials that were exposed in other hacks.

This most recent leak involves the DNA Relatives feature as well, potentially enabling the hacker to scrape the information belonging to the relatives that an account has matched with.

The sources for this piece include an article in TheVerge.