Major DNA testing and genealogy companies, like Ancestry, MyHeritage, and 23andMe, are requiring two-factor authentication (2FA) for user accounts in reaction to a recent data breach at the industry leader in DNA genetic testing. The improved security mechanism aims to protect user information and privacy.
Users who have activated two-factor authentication need to provide an additional verification number when accessing their accounts.
This extra identification number is typically sent to a device they possess to confirm their identity to ensure that the account is being used by its legitimate owner.
By informing its clients about the impending need for two-step authentication, Ancestry has already started putting this safeguard into practice.
The code that users need to input to log in will be given to either their email address or phone number. Ancestry representative Gina Spatafore said multi-factor authentication would be required by year's end.
Customers of AncestryDNA will need to apply this extra security measure to access their accounts to see their DNA matches, as per a TechCrunch report.
An agent of the operational center of the French National Cybersecurity Agency (ANSSI) checks data on a computer in Paris on November 24, 2022.
Millions of DNA Data Leaked
Additionally, MyHeritage said that it will need two-factor verification for all DNA clients.
The DNA companies' cybersecurity action is a direct result of the most recent 23andMe data leak, which has been the subject of a security breach probe since October.
The firm has now required all of its clients to use a second verification step. 23andMe said that a hacker had made claims to have taken millions of records from 23andMe accounts, including private information on certain genetic backgrounds, including one million individuals of Ashkenazi Jewish origin and 100,000 Chinese users.
The 23andMe data breach, according to the firm's assessment, most likely happened as a result of hackers utilizing passwords that they had obtained from past publicized data breaches to access user accounts.
User profiles, genetic data, and specifics of users who had chosen to participate in the DNA Relatives feature—which permits the exchange of user data—were among the compromised material.
Read Also: TikTok Ends $2 Billion Creator Fund, Introducing High-Paying Creativity Program
23andMe Data Leak Mostly Impacted Jews, Chinese Users
At least one million 23andMe account data points seemed to have been disclosed on BreachForums, an online forum where members talk about hacking, cyberattacks, and data breaches, according to a report by Wired. The data that was compromised mostly concerned Ashkenazi Jews; however, hundreds of thousands of Chinese customers were also impacted. Complete names, birthdates, genders, geographical information, images, genetic information, and ancestry findings were all included in the compromised data.
Attorney General William Tong of Connecticut has moved to investigate the 23andMe data breach incident. He wrote to 23andMe regarding the breach's timing, citing the hazards of releasing targeted genetic information alongside rising antisemitic and anti-Asian rhetoric and violence.
"23andMe is in the business of collecting and analyzing the most sensitive and irreplaceable information about individuals, their genetic code. This incident raises questions about the processes used by 23andMe to obtain consent from users, as well as the measures taken by 23andMe to protect the confidentiality of sensitive personal information," Tong noted in the letter, as quoted by ABC News.
Related Article: Dark Web Scammers Target myGov Website; Thousands of Accounts Now Suspended
