Hackers, using old passwords from customers of the genetic testing company 23andMe, were able to gain access to personal information from about 6.9 million profiles, which in some cases included ancestry trees, birth years and geographic locations, the company said on Monday.
In October, a hacker posted a claim online that they had 23andMe users’ profile information, the company wrote in a Securities and Exchange Commission disclosure on Friday.
“We have not learned of any reports of inappropriate use of the data after the leak,” a 23andMe spokeswoman said on Monday.
The hackers, using old passwords that 23andMe customers had used on other sites that had been compromised, were initially able to breach about 14,000 profiles — or 0.1 percent — of 23andMe’s users’ accounts, the company said in the S.E.C. disclosure.
The hackers would be able to access anything available on those 14,000 profiles, including health and ancestry information, the company spokeswoman said.
The breach also opened the door to millions of other profiles of customers — about half of all 23andMe customers — who wanted to use 23andMe...