23andMe announced that customer profile information was accessed without user consent.
The company announced that threat actors were able to access certain accounts in instances where users recycled login credentials, such as usernames and passwords that were used on 23andMe.com that were used on other websites that have been previously hacked.
Threat actors accessed 23andMe.com accounts without authorization and obtained information from certain accounts, including information about users’ DNA Relatives profiles, to the extent a user opted into the service.