The genetic data testing company 23andMe was the target of a hack aimed at users with Ashkenazi Jewish ancestry. (Wikimedia)

(JTA) — The genetic testing company 23andMe is facing a class action lawsuit over its security practices after hackers stole and published data about 1 million people with Jewish ancestry. 

The data breach was revealed on Friday after hackers published a database titled “ashkenazi DNA Data of Celebrities” on dark web forums. Most of the people on the list are not famous, and the database includes information such as display names, sex, birth year, and some details about users’ genetic ancestry results. 

The hacker from the initial leak offered to sell data profiles in bulk for $1 to $10 per account. But as many as 7 million accounts may be in the sale — half the users of 23andMe. It is unclear whether whoever compiled the Ashkenazi list — which actually has 999,999 entries — is the same as the group that put it up for sale, NBC News reported.

23andMe is treating the leak as authentic and investigating the incident. It is also requiring its users to change their passwords.

“We are taking this issue seriously and will continue our investigation to confirm these preliminary results,” the company said in a statement. 

It is also unclear why the data was stolen, and whether it is solely focused on Ashkenazi Jews. (The hacker also downloaded a separate file with data on more than 300,000 users with Chinese ancestry.)

“When data is shared relating to ethnic, national, political or other groups, sometimes it’s because those groups have been specifically targeted, but sometimes it’s because the person sharing the data thinks it’ll make reputation-boosting headlines,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired.

23andMe confirmed last week that its data had been compromised but said that its systems were not breached. Instead, the company believes the hackers were able to get access to recycled passwords that had already been hacked and leaked on other websites and then used that information to scrape data through 23andMe, which gives its users access to each others’ genetic information to find relatives through a popular feature called “DNA Relatives.” 

“This incident really highlights the risks associated with DNA databases,” Callow said. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”

This article originally appeared on JTA.org.

This is a moment of great uncertainty. Here’s what you can do about it.

We hope you appreciated this article. Before you go, we’d like to ask you to please support the Forward’s independent Jewish news this Passover. All donations are being matched by the Forward Board - up to $100,000.

This is a moment of great uncertainty for the news media, for the Jewish people, and for our sacred democracy. It is a time of confusion and declining trust in public institutions. An era in which we need humans to report facts, conduct investigations that hold power to account, tell stories that matter and share honest discourse on all that divides us.

With no paywall or subscriptions, the Forward is entirely supported by readers like you. Every dollar you give this Passover is invested in the future of the Forward — and telling the American Jewish story fully and fairly.

The Forward doesn’t rely on funding from institutions like governments or your local Jewish federation. There are thousands of readers like you who give us $18 or $36 or $100 each month or year.

Don't just read the Forward - invest in it. Make a matched gift today.

Support our mission to tell the Jewish story fully and fairly.

$120 $180 $360 OTHER AMOUNT