23andMe says that hackers were able to access a “significant number of files associated with user’s ancestry in its recent data breach.
In a filing with the U.S Securities and Exchange Commission published Friday the site says that hackers accessed around 14,000 customer accounts, accounting for .1% of its total customer base, TechCrunch reports.
23andMe initially disclosed the lack in early October. At the time, a user in a hacker forum allegedly published records for 4 million 23andMe users, and a separate user in the same forum claimed to have stolen data from 7 million users on the site.
The accounts were accessed through a technique called “credential stuffing.” Essentially cybercriminals get a list of email addresses and passwords from a different website's breach and then attempt to use them on the site — Reminder: You should make sure you’re using a different password for every site to avoid finding yourself in a similar situation.
Beyond the initially hacked accounts, 23andMe’s hack also impacted users who used the company’s DNA Relatives feature. Users that have opted into the feature allow some of their personal information to be shared with others that they’re connected to. In this case, if one of your relatives was a victim of the hack, the hacker could potentially see your information as well, presuming you opted into the feature.
23andMe currently has more than 14 million customers worldwide. As a result of the data breach the company required its users to reset and change their passwords and last month the company also required users to start using two-factor authentication.