23andMe 2023 Data Breach

High Severity 6.9 million records affected
Company23andMe
Breach DateApril 1, 2023
Disclosure DateOctober 6, 2023
Records Affected6.9 million

The 2023 23andMe breach exposed highly sensitive genetic and ancestry data through credential stuffing attacks, affecting 6.9 million customers.

What Happened

Attackers used credential stuffing—testing stolen username/password combinations from other breaches—to access thousands of 23andMe accounts. They then exploited the DNA Relatives feature to scrape data on millions of connected users.

The data was first posted on hacking forums in October 2023, with hackers specifically targeting users of Ashkenazi Jewish and Chinese descent.

What Data Was Exposed

  • Genetic ancestry results
  • DNA Relatives matches
  • Family tree information
  • Birth years
  • Geographic locations
  • Percentage of shared DNA with relatives
  • Profile photos
  • Display names

Who Is Affected

6.9 million 23andMe users who opted into the DNA Relatives feature.

How to Check If You Were Affected

23andMe notified affected users. Check your email from 23andMe or log into your account for notifications.

What You Should Do Now

  1. Change your 23andMe password
  2. Enable two-factor authentication
  3. Review DNA Relatives settings
  4. Consider downloading and deleting data
  5. Use unique passwords for all accounts
  6. Be aware of targeted scams

Last updated: January 13, 2026