Skip To Content
JEWISH. INDEPENDENT. NONPROFIT.
Fast Forward

23andMe sued after Ashkenazi Jews’ user data is stolen and sold in targeted attack

The database was published on dark web forums and includes information such as display names, sex, birth year, and some details about users’ genetic ancestry results

(JTA) — The genetic testing company 23andMe is facing a class action lawsuit over its security practices after hackers stole and published data about 1 million people with Jewish ancestry. 

The data breach was revealed on Friday after hackers published a database titled “ashkenazi DNA Data of Celebrities” on dark web forums. Most of the people on the list are not famous, and the database includes information such as display names, sex, birth year, and some details about users’ genetic ancestry results. 

The hacker from the initial leak offered to sell data profiles in bulk for $1 to $10 per account. But as many as 7 million accounts may be in the sale — half the users of 23andMe. It is unclear whether whoever compiled the Ashkenazi list — which actually has 999,999 entries — is the same as the group that put it up for sale, NBC News reported.

23andMe is treating the leak as authentic and investigating the incident. It is also requiring its users to change their passwords.

“We are taking this issue seriously and will continue our investigation to confirm these preliminary results,” the company said in a statement. 

It is also unclear why the data was stolen, and whether it is solely focused on Ashkenazi Jews. (The hacker also downloaded a separate file with data on more than 300,000 users with Chinese ancestry.)

“When data is shared relating to ethnic, national, political or other groups, sometimes it’s because those groups have been specifically targeted, but sometimes it’s because the person sharing the data thinks it’ll make reputation-boosting headlines,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired.

23andMe confirmed last week that its data had been compromised but said that its systems were not breached. Instead, the company believes the hackers were able to get access to recycled passwords that had already been hacked and leaked on other websites and then used that information to scrape data through 23andMe, which gives its users access to each others’ genetic information to find relatives through a popular feature called “DNA Relatives.” 

“This incident really highlights the risks associated with DNA databases,” Callow said. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”

This article originally appeared on JTA.org.

A message from our Publisher & CEO Rachel Fishman Feddersen

I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.

We’ve set a goal to raise $260,000 by December 31. That’s an ambitious goal, but one that will give us the resources we need to invest in the high quality news, opinion, analysis and cultural coverage that isn’t available anywhere else.

If you feel inspired to make an impact, now is the time to give something back. Join us as a member at your most generous level.

—  Rachel Fishman Feddersen, Publisher and CEO

With your support, we’ll be ready for whatever 2025 brings.

Republish This Story

Please read before republishing

We’re happy to make this story available to republish for free, unless it originated with JTA, Haaretz or another publication (as indicated on the article) and as long as you follow our guidelines. You must credit the Forward, retain our pixel and preserve our canonical link in Google search.  See our full guidelines for more information, and this guide for detail about canonical URLs.

To republish, copy the HTML by clicking on the yellow button to the right; it includes our tracking pixel, all paragraph styles and hyperlinks, the author byline and credit to the Forward. It does not include images; to avoid copyright violations, you must add them manually, following our guidelines. Please email us at [email protected], subject line “republish,” with any questions or to let us know what stories you’re picking up.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.