23andMe: DNA Relatives, Connections, Event History Report and Other Security Tools

A few days ago, I suggested a pause strategy while you ponder whether or not you wanted to delete your DNA file in light of the recent data exposure at 23andMe. I need to revise this with additional information today.

First and foremost, disabling DNA Relatives does NOT remove all matching. You need to remove Connections separately.

Secondarily, there’s a report at 23andMe for you to order to determine whether your account may have been individually compromised. I’ve described how to find it and use the information in the report.

This article includes several sections with important information about how these intertwined features at 23andMe work and instructions to protect yourself.

  • An update on the breach situation with informational links
  • Customer notifications
  • Confusion regarding types of sharing – DNA Relatives vs Connections
  • Explaining the difference between DNA Relatives and Connections
  • Step-by-step instructions for removing Connections – disabling DNA Relatives doesn’t accomplish this or stop matching/linkage to Connections
  • Who sees what, when?
  • DNA Relatives and Connections comparison chart
  • Account Event History – how to determine when your account was signed into, from where, what they (or you) did, and when
  • Deletion instructions and caveats
  • Summary

Update on Breach Information

I’m not going to post anything from the hacker(s) – but please, in an abundance of caution, presume your data is now available publicly or will be when the hacker sells the balance of the accounts they have and act accordingly.

The hacker has posted millions of accounts already, and I know people who have found themselves in the “sample” download provided by the hacker to convince people that the breach and resulting data is for real. If you really want to see this for yourself, the hacker, Golem, is very active at BreachForums, under Leaks, 23andMe – but I DO NOT recommend hanging out there. I reached out to colleagues who work with security and breach monitoring services. I am not poking around myself.

This 23andMe customer information first appeared in August, not October, when a hacker by a different name on Hydra posted images of the accounts of both Sergey Brin and Anne Wojcicki, CEO of 23andMe and her former husband, CEO of Google. The hacker said that the information was obtained through an API provided by 23andMe to pharmaceutical companies. Additionally, the hacker said they had already sold all of that initial data to “an individual in Iran.” You can read about this here.

Furthermore, if what the hacker or hackers say is accurate, this situation is far more serious than a password recycling issue. I don’t want to speculate because I can’t verify, although many people have written to me to say two things:

  • They were seeing leaked customer information weeks earlier
  • They did use a unique password at 23andMe

Here are four additional articles that I suggest reading to understand the scope of the situation and why there’s so much uncertainty:

One of my blog readers asked why anyone would want to do this. Of course, there can be many or even multiple motivations, but based on some of the commentary, it appears that Jewish people were targeted and compiled identifying data sold to Iran who backs Hamas. If you’re a Jewish person, anyplace in the world, you have to be extremely concerned especially since this test identifies your closest relatives and (if provided) the location where you live.

Both 23andMe and Ancestry display your current location if provided and selected. I NEVER recommend doing that under any circumstances. Of course, if the hacker gained access to individual accounts as reported and you entered that information, even if you didn’t choose to share it, they have it anyway.

Customer Notification

Please note that so far, the only notifications received by 23andMe customers say that their information was revealed through DNA relatives, meaning that at least one of their matches’ accounts was compromised. No one, to my knowledge, has received a notification that their own account has been directly compromised. Perhaps 23andMe doesn’t know whose accounts were compromised yet.

Near the end of this article, I’ll show you how to obtain a list of all the activity that has taken place on your 23andMe account so you can see if there are logins from locations not your own or other suspicious activity.

According to the original announcements from 23andMe and others, the data exposure was a result of two things:

  • Direct access to accounts due to reused passwords allowing the hacker to aggregate data and sign in as the user. You can see if your email address has been found in a data breach at the site, haveibeen pwned.com. I know this list is incomplete, though, because I’ve been notified by letter by other companies not listed here.
  • DNA Relatives information shows DNA matches, segments, and your matches’ potential relationships to each other along with their shared data, permitting triangulation.

The more I read about this from credible sources, combined with how 23andMe has handled this situation, the more “uncomfortable” I become.

Before 23andMe even straightened this mess out, this week, they introduced a new “Total Health” subscription for the low price of $99 PER MONTH. Seriously. Billed as one payment of $1,188 per year. To me, this smacks of a company desperate for money.

How do we even begin to place any confidence in this service, given what has already been exposed and the unanswered questions? Especially given that for weeks, 23andMe dismissively replied to customers who informed them of the issue that their systems had not been accessed in an unauthorized manner. Not to mention, this announcement is entirely tone-deaf as we struggle to deal with what has already been exposed one way or another.

In response to this, if you still want to maintain your existing account at 23andMe, I have help for you. If you want to delete it, I’ve provided instructions for that too.

Questions and Challenges

I discovered that DNA Relatives and Connections don’t work in exactly the way I believed they did, and it’s very confusing. Nothing, not one thing that 23andme has provided has addressed exactly what information has been exposed or what customers can do other than change their password and add 2FA.

  • Was the breach only DNA Relatives, or was it Connections, too?
  • Connections is essentially a subset of DNA Relatives plus potentially some unrelated people.
  • Not everyone has DNA Relatives enabled, but if not, Connections still exposes/exposed you if your account was individually breached.
  • 23andMe only mentioned DNA Relatives, so you may think you’re in the clear if you don’t have DNA Relatives enabled. That’s inaccurate if you have any Connections and your account was individually breached.
  • If the hacker did sign on to your account, Connections are equally vulnerable.
  • The hacker could enable DNA Relatives without your knowledge to create a more lucrative fishing environment. I’ve provided instructions for how to determine if this might have happened.

Disabling DNA Relatives is not enough.

23andMe Sharing Options Are Confusing

I first reported the breach here and said in my article, here, that a pause strategy would be to stop sharing in DNA Relatives, which would effectively provide you with time to make a decision.

I knew that DNA Relatives did not unilaterally disable Connections, but I did NOT realize how much information your Connections can see.

Over the years, 23andMe has revised how their sharing works. I remember when DNA Relatives opt-in and opt-out was added in 2014. It was extremely confusing then and still is.

DNA Relatives and Connections are confusing individually and together. I could not find any feature comparison or side-by-side table for each tool, either individually,  compared to each other, or with both enabled.

Because of this confusion, what we need right now is a one-button invisibility cloak that we can click to JUST STOP being visible to everyone until we reverse the invisibility cloak by opting in again – without losing anything or being penalized.

That’s what most people think happens when you stop sharing through DNA Relatives, but it’s not.

There is no invisibility cloak at 23andMe like there is at other vendors.

No Invisibility Cloak

I spent a considerable amount of time over the past few days trying to figure out the differences between DNA Relatives and Connections.

Believe it or not, that information was almost impossible to find, as it was scattered piecemeal across several places.

Let me step you through where to find it, and then compile an easy reference.

If you sign on to your account, you can see on the left-hand side that you have several selections under DNA Relatives.

Under Connections, you have the statuses of Connected, Pending, and Not Connected.

If you mouse over Connections, you see a general description.

I have two separate tests at 23andMe, and I have DNA Relatives enabled on one of the tests and disabled on the other, so I can see the differences when compared to the same people.

I have 1803 DNA Relatives, meaning matches, but the connections option told me that 348 were also Connections.

Why Do I Have 348 Connections?

Remember that 23andMe limits your matches to 1500, and the lowest matches roll off your match list without a subscription, which was only introduced in the last year or so. The subscription only allows 5,000 matches before the matches roll off your match list.

The only way to prevent matches from rolling off your list was/is to “Connect” with them, either through DNA relatives or initiating messaging. So, for years, genealogists sent a connection request to every match they had, beginning with the smallest first, in order to preserve matches that would otherwise be gone. That’s why I have 1803 matches and not just 1500 like I do on the second account where I have not established “Connections.”

Given my number of matches at the other DNA testing companies, I would likely have well over 20,000 matches, so preserving as much as possible was important to genealogists.

Understanding Connections

I switched to a different account that I manage that opted out of DNA matching a decade ago, but has more Connections than I do with many of the same people that I match.

You can view your DNA Connections by clicking on Family & Friends and then on Your Connections.

As you can see on the left, you can either share “Ancestry” with these Connections, which means typical genealogy info, or “Health + Ancestry.” Relevant to the breach, your Ancestry Composition (ethnicity) results as compared to your Connections (and DNA Relatives) are shown.

You can invite anyone to connect with you, including people on your match list or anyone else you know who has tested. In other words, your spouse or a cousin whom you DON’T MATCH.

Here’s an example of a cousin by marriage who I’ve known for years. We connected even though we don’t match and are only related by marriage.

Some Connection invitations that you receive or send are for Ancestry only, and other invitations are for BOTH Ancestry and Health.

Melissa sent me a combined request for both Ancestry and Health.

Remember that the focus of 23andMe has always been medicine, big pharma and health. Unfortunately, 23andMe PRECHECKS to accept the Health sharing option when you’ve been invited to share Health. It’s easy to miss, so UNCHECK Health if you don’t want to share YOUR HEALTH INFORMATION. The only people I’ve ever shared Health with are my immediate family members.

What’s Different?

I wanted to know what information was different about someone you’re NOT connected with and someone you’re connected with.

One of my DNA matches, Gwen, requested a Connection. Here’s the information I can see with Gwen before her Connection request.

I verified that this information is accurate by comparing Connections requests with a family member who is opted into DNA Relatives, one who is not, and also with my research-buddy cousin who is a Connection but not a match.

Any one person can potentially be:

  • A DNA Relative and not a Connection
  • A Connection and not a DNA Relative
  • A Connection but not participating in DNA Relatives even though they are a match

Today, the information a Connection and a DNA Relative can see since 23andMe disabled some DNA Relatives features seems identical.

Gwen’s profile card shows her name, location where she lives, and year of birth, if provided and selected for display. She obviously did not allow her birth year to be displayed, but she did allow the city/state where she lives.

23andMe estimates how I may be related to Gwen and how much DNA we share..

Gwen’s family background, which I’ve blurred. I have removed my information as I ponder whether to delete my account or not.

Ancestry Composition (ethnicity) of both people. Note that even if DNA Relatives is not enabled, either person’s account can view the shared ethnicity of both accounts.

Amounts of Neanderthal Ancestry.

How Sharing Works

23andMe discussed sharing, but differentiating between DNA Relatives and Connections is unclear.

Based on my comparison and their descriptions, I think I’ve figured out the differences. Let’s begin with their description of how sharing works.

Here, they describe part of what Connections shows.

At this point, the features of DNA Relatives that were available IN ADDITION to what could be viewed in Connections have been disabled due to the breach.

The next image is part of the Connections section, followed by DNA Relatives,

I was surprised that Shared DNA was displayed using Connections alone, before 23andMe (possibly temporarily) disabled this functionality in response to the breach. I would have presumed that if you disabled DNA Relatives, your DNA would NOT have been shown to your DNA relatives.

DNA Relatives was necessary for advanced features, including viewing relationships between your matches, meaning you and two other people, and also between your matches and each other. That means you could compare them to each other.

That feature selection is now gone as well. For the record, this graphic was out of date anyway, but now it doesn’t matter.

Connections DOES have access to the tree calculated by 23andMe but (apparently) only for people you are connected with unless you have DNA Relatives enabled. Please note that all accounts managed by one person appear to be connected to each other, although that might not be universal. I manage four kits, and all of them are shown as connections to each other.

Considerations provided by 23andMe

Here’s what they don’t say.

Disabling Your DNA Relatives Option does NOT Change Connections

This is very important considering how much information Connections can view:

  • Disabling DNA Relatives does NOT disable sharing. You can disable DNA Relatives across the board with one setting, but you CANNOT do that with Connections.
  • Each Connection must be deleted individually.

After you disable DNA Relatives, as I described in this article, under the heading, “Opting Out of DNA Relatives” you need to additionally remove each Connection if you genuinely don’t want to be seen by other people as a match. If you DO want to be seen as a match, then don’t disable DNA Relatives.

DNA Relatives will eliminate new matches from automatically occurring but won’t remove anyone you’ve previously added as a Connection.

To view and edit your connections, select “Your Connections” under “Family and Friends.”

For each Connection, click on the gear, then select which type of sharing to remove.

Please note that you may have to refresh the page to reload Connections, as there is no “load more” button, until you see the message, “You aren’t connected with anyone yet.”

Connections Versus DNA Relatives Chart

If you’ve had a hard time keeping this straight, me too. I created a chart that lists each feature and if it’s present in DNA Relatives, Connections, or both.

Feature Connections Only DNA Relatives Comment
Profile Yes Yes
Current Location, Year of Birth, Genetic Sex Yes Yes If provided and selected for display
Additional info about yourself Yes Yes If provided
Prevents Rolling Off Match List at Threshold Yes No Only Connections or people you’ve initiated contact with are retained
Matches Yes, only Connections Yes
Non-Relatives Can send an invitation to people you’re not biologically related to meaning not on your match list No, only DNA matches
Ancestry Yes Yes, plus shared matches and additional information If selected
Health If selected If selected
Genetic Relationship Yes Yes Estimated
Shared DNA Percent Yes Yes
Genetic Constructed Family Tree Connections only Yes all To about 4th generation shared ancestors
Family Background – birth places of grandparents Yes Yes
Other ancestors’ birthplace Yes Yes
External Family Tree Link Yes Yes If provided
Ancestry Composition (ethnicity) Yes Yes
Shared ethnicity Yes Yes
Maternal, Paternal Haplogroups Yes Yes Base to mid-level
Neanderthal Ancestry Yes Yes
Matching segments Shown in 23andMe documentation, currently disabled Yes, currently disabled Disabled due to breach
Chromosome browser Not shown in 23andMe documentation Yes, currently disabled Disabled due to breach
Shared matches No Yes, currently disabled Disabled due to breach
Triangulation No Was changed recently to be more difficult, now disabled Disabled due to breach
Shared Matches compared to each other’s tests No Yes, currently disabled Disabled due to breach
Shared Matches relationships to each other No Yes, currently disabled Disabled due to breach
Download Matches I don’t think so, but I can’t positively confirm Yes, currently disabled Disabled due to breach
Download Segment information No Yes, currently disabled Disabled due to breach
Download Raw data file (Your own) Yes Yes

Now that you know what can be seen and done and by whom, let’s take a look at how your account has been accessed.

Account Event History – Who Signed In To Your Account?

There’s a little-known feature at 23andMe that you can utilize to view the locations of sign-ins to your account and what was done, including changes and file download requests.

Navigate to settings.

Scroll down to “23andMe Data,” then click on View.

Scroll to profile data, click on “Account Event History,” then “Request Download.” 23andMe says it may take several days, but mine was ready the following day. You’ll receive a link to sign in and download a spreadsheet. Click on the blue “Account Event History” to download the report.

At the top, you’ll see column names. Please note that I added the Location column to record the results of the “Client IP Addr” lookup.

The “Client IP Addr” field is a record of where the login was initiated from. It’s your electronic address, or more specifically, the address of your internet provider, and it may not be the exact town where you live, but someplace close. I’ve blurred mine, but not where failed logins originated.

I use this site or this site to identify IP address sources.

As you can see, on May 1, 7, and 10, someone tried to sign in with my email address. It wasn’t me or the region where I live, and I was not traveling.

I was able to track these IP addresses to cities but not to individuals, of course. One tracked to a specific Internet Service Provider in that city, but nothing more.

However, that tells me that someone tried three times to use what was probably a compromised password. Thank goodness I don’t reuse passwords.

I also need to mention that you can find legitimate differences in location. For example, if you are traveling or use tools like Genetic Affairs that sign on on your behalf from their location, the IP address will reflect connection services from those locations.

You will also see interesting IP addresses, like that 127 address. That means the host computer made the change. In essence, that means that another 23andMe user removed sharing with me. That’s clearly legitimate.

I did not see any successful sign-ins from unauthorized locations. If you see a successful sign-in from an unknown location that’s not close to your home sometime in 2022 or 2023, and you weren’t traveling, nor using a location masking tool like TOR, then please notify 23andMe immediately.

The notification email I received from 23andMe was that my information had been exposed through DNA Relatives. Based on their notification in addition to the information in my report, my personal account does not appear to be individually breached.

23andMe clearly has access to this IP address information for all users, so I’m really surprised that they have not notified anyone, at least not that I know of, that their accounts have been DIRECTLY compromised – meaning NOT through DNA Relatives. Even if someone signed on using the correct password, there could/should be some pattern of sign-ons through not-normal locations for a group of customers during this time.

Of course, if the hacker was telling the truth and the breach was NOT through password reuse (stuffing,) and was through an API, neither users nor 23andMe may see unauthorized account accesses. I hope 23andMe and the professionals they have retained are able to sniff out the difference and will update their customers soon.

Regardless, I recommend requesting and reviewing this report and implementing 2FA everyplace that you can.

Deleting Your Profile

Based on your comfort level, you may decide to delete your test at 23andMe. It’s a personal decision that everyone has to make for themselves. There is no universally right or wrong decision, and I’m not recommending either way.


  • If you want to delete only your profile, you can transfer other profiles under your care to someone else.
  • If you manage multiple profiles and click delete, all of the profiles you manage will be deleted.

To find the delete function, click on the down arrow by your initials at top right, then on Settings.

Scroll to the very bottom.

Click on “View,” then scroll to the bottom to the Delete Data section.

23andMe provides links in this section to review, so please do. This includes information about how to transfer profiles and things to consider.

If you want to download your raw DNA file to use as an upload to other vendors, be sure to do it before you delete, because it won’t be available after. You can find instructions, here.

Remember, delete is permanent, and you’ll need to pay to retest if you change your mind.

In Summary

I hope this information has helped organize and explain things in a logical manner.

To recap, to become totally invisible, meaning no other tester can see you:

  • Disable DNA Relatives
  • Delete Connections individually and selectively

If you delete connections and those matches are lower than your 1,500th match, they will roll off your match list unless you have a subscription, and then it’s 5,000.

Additional Tasks

  • Request your Account Event History and review for anomalies.
  • For security purposes, change your password to one you have not used elsewhere, if you have not already, and enable 2FA.

I hope that 23andMe has or will take care of whatever issues they have, post haste, and will be transparent about what actually happened. I also hope they will find a way to re-enable the tools that have been disabled. That functionality is critically important to genealogists, and without those tools and the lack of trees, there’s little reason for genealogists to test at 23andMe.

We can’t change what has already happened. Each one of us has to decide whether we want our test to remain at 23andMe and, if so, what steps we want to take to move forward successfully.

I hope this information helps you decide how to handle the situation and perhaps relieve some anxiety. Now you know how to check your activity report, understand who sees what in DNA Relatives and Connections, associated options, what needs to be done, and how to take appropriate action.

Other Vendors

You probably have observed and will continue to see other vendors implementing additional security measures, such as required 2FA, precautions against account scraping, and not accepting uploads from 23andMe in case the hacker downloaded DNA files.

These revisions may be temporary or permanent, or some of each. I’m grateful for each vendor taking steps to protect our information from unauthorized access. I’ll write more after things settle down and we better understand the new landscape.


Follow DNAexplain on Facebook, here.

Share the Love!

You’re always welcome to forward articles or links to friends and share on social media.

If you haven’t already subscribed (it’s free,) you can receive an email whenever I publish by clicking the “follow” button on the main blog page, here.

You Can Help Keep This Blog Free

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Uploads

Genealogy Products and Services

My Book

Genealogy Books

  • com – Lots of wonderful genealogy research books
  • American Ancestors – Wonderful selection of genealogy books

Genealogy Research

59 thoughts on “23andMe: DNA Relatives, Connections, Event History Report and Other Security Tools

  1. I wish you had included a discussion about downloading their raw dna and uploading to other websites. I think it would be a shame if someone deleted their account and loose access to their dna that was paid for.

  2. Let people know that when they go to remove Connections, to check for “load more” in a small font at the bottom of the list. I did this multiple times in both the Connections section and the invitations pending section, until there weren’t any more. I thought I was done – there wasn’t a “load more” button at the bottom at either section.

    But when I refreshed the page, or went to another page and came back, there were more in both sections. I had to remove/load more/refresh multiple times. I’m not sure that I asked this many people for connections – some of them I know I did, others – maybe I just don’t remember. But I wonder if this is part of the strategy of the malefactors.

    Finally, when I clicked on Family&Friends/Your Connections, I got a page that says
    “You aren’t connected with anyone yet.”
    “Connecting with friends and family allows you to share reports and activate comparison tools.”
    “Invite People to Connect”
    So don’t think you’re done with this part until you get this message.

    Then, in Privacy and Sharing, I chose to block all sharing invitations.

    Thanks Roberta, once again, for your vigilance and for sharing your expertise with the rest of us.

  3. I went to the settings under my profile and did not find the account event history setting. Is that available to everyone or just the 23andme plus members?

  4. I went to my profile and looked under settings. I did not have a setting for Account History events. Is that available to everyone or just 23andme plus members

  5. While canceling my Connections, I got the message “We had an issue retrieving your data. Please try again later.”
    I guess I will take a break and check later, but this is frustrating, even if it’s due to a lot of people trying to cancel Connections.

  6. For those having trouble finding the report.

    ‘Settings’, Select the Profile, scroll to bottom where you see ’23&Me Data’ click ‘View’, then scroll down to ‘Profile Data’ and the ‘Account Event History’ is the first option.

    • I checked on this today. You can block people you’ve messaged with, but you cannot delete the messages. Actually, I found that reviewing them was useful as I had forgotten some things.

  7. After you get the email that your request is ready to download, it goes to the page where you can down lots of things, but this report doesn’t seem to be listed. How do you find it? I tried ‘report summary’ but that only gave ethnicities and traits. Next on their list are”Ancestry composition”, “DNA Relatives download”, “Family Tree download”, and “Raw Data.” Below all those is “Profile Data” where we requested this file. It has ‘Request Download’ but doesn’t say how to get the results. Only thing left on that page is to Delete account. Where did you find the report?

    • After you request the download, you’ll see the “Pending Since” date. After you receive the email that it’s ready, you should see that it’s ready and just click on the report name.

    • I checked this again since I’m back home now. Go to Settings, again, then scroll to 23andMe Data, then click on View, then you’ll see the Account Event History at the top of the Profile Data reports page.

  8. Thank you for the info. Were you aware that MyHeritage has also just withdrawn their chromosome browser / triangulation capability as well?

      • … but when the MH tools came back, they were missing the capability of clicking to download a .csv file both from the relative’s page–and from any chromosome browser page stemming therefrom.

  9. Thank you so much for this! I don’t have any connections (fortunately) so I must have been exposed through a DNA Relative. I use a unique password for 23 and Me, so their email blaming reused passwords confused me. Thanks to you, I downloaded my Account History and just went through it. The only failed login was from a few days ago, from my home IP Address, and due to me forgetting that I had changed my password a few days prior. I feel better about my account not being hacked directly, but still not happy that my information was compromised through links to others.

  10. It would seem that your post had some effect at 23andme. I requested download of my account history last night. When I opened the file this morning, “Location” was not one of the columns in the file nor was “Event time.” The file did have “time created” so I still could sort the data chronologically. Thankfully, my account doesn’t appear to have been directly accessed without authorization.

    • I should have said that I added the final column, location, so I could record the results of my IP address search.

  11. Thank you for all you do to keep us informed..and safe. Knowledge, as always, is power. I would not have thought to check account activity but that helped to reduce anxiety about the unknown. I intend at some point to delete my test and one I manage from 23andme (uploaded both to FTDNA long ago). I’ve taken all the steps advised and added 2 step verification. But I’m thinking I’ll wait to delete those accounts until more is known in case I need to get back in for some reason. I tested at 23andme first – back in 2014 ( shortly after the FDA gave them clearance to offer testing again). But since I always recommend FTDNA first, then Ancestry and My Heritage and leave 23andme off that list. I know their emphasis at 23andme on health instead of genealogy plays into my decision on which company to recommend.

  12. Thank you for the “little-known feature at 23andMe”. I had no idea that account log information was available. I downloaded it and it checked out okay. But I have been a recipient of that letter saying that my information had been breached. I guess they were referring to exposure through other means.

  13. Thanks for the painstaking work you did — very interesting. Personally, I have elected to keep my DNA Relatives and Connections options in place, pending restoration. One of the ways I use Connections is to look at Ancestry matches who have tested at 23andMe but don’t make the cut-off for my list of DNA Relatives. It seems one-sided on my part to remove a Connection who has kindly responded to my email invitation. Since I am willing to share the information I put in my public profile with thousands of matches, I’m not overly concerned about sharing it with more.

  14. Thanks everyone for your questions and helping other folks out. I’ve updated portions of the article that were unclear, missing a step or needed a reminder. I sure hope this is the last article I need to publish about this!

  15. I try to log in, and it automatically says you have to reset. Then you never get the email to reset. Can’t even get in.

  16. familytreedna is stopped accepting raw dna uploads from 23andme.

    from their website
    “Unfortunately, at this time, you cannot transfer 23andMe© results.”

  17. Thank you for this!

    “This 23andMe customer information first appeared in August, not October, when a hacker by a different name on Hydra posted images of the accounts of both Sergey Brin and Anne Wojcicki, CEO of 23andMe and her former husband, CEO of Google. The hacker said that the information was obtained through an API provided by 23andMe to pharmaceutical companies.”

    See this makes more sense and also lines up with them changing triangulation tools in September. They saw the extra traffic on their servers/API and cut it off. I hope some day they actually tell us the truth before they destroy this hobby that we all love so much.

    The email address associated with my 23andMe account has been listed on Have I been Pwned 10 times, so I decided to download the account history events for mine. Thanks for that tip! Surely if hackers are trying old passwords, mine seems perfect to at least try. My 23andMe account is 11 years old and only 2 failed logins which were in 2017 and they were me trying to log in while visiting family.

    I hope the truth comes out about what happened.

  18. Perhaps you already covered this but I am still unclear on the risk…
    1) IF your account was compromised by connection to another account
    AND you delete your account, ARE you then protected or is the horse out of the barn?
    2) IF your account was compromised directly (accessed maliciously and data downloaded) is there any reason to delete your account?

    • For number one, the house is out of the bad. #2 if you’re sure that happened, probably not. However you could be concerned about what actually happened at 23andMr.

  19. I’d like to thank you for always sharing your knowledge and writing things up in a way that can be understood by us less technically proficient people. It’s especially appreciated for more urgent situations like this.

  20. I have for tests on my account, all family members. It appears that the Connections I have for me, my mom and my husband also show up under my daughter (who is NOT sharing or connecting with anyone). Now I’m concerned the people I have connected with can view my daughter’s results. Do you know if that is true?

      • I imagine so, based on a recent match that cropped up for me. I have been connected to a 3rd cousin for several years. Recently she showed up at the top of my most recent list, along with a 5th cousin match who didn’t share enough DNA to make the cutoff. That would fit with a granddaughter, but I haven’t confirmed that.

        However, as I mentioned above, I am not personally concerned about accounts with Connections remaining visible.

        • From what I can tell, the connections I have made with my matches are showing up under all of my family and it indicates that all are sharing with these connections. That should not happen. Yet another OOPS with 23andMe. There is no reason for my matches to be sharing anything with my husband.
          I hate to delete my account. I guess I will go in a shut down as much as I can.
          AND I will check the 23andMe Blog in order to keep abreast of what they are doing. It would be nice if they would send our emails along with updating their Blog. Again, that would mean they have some sort of Customer Service!

          • Your husband would not show up in some unrelated person’s Connections list. I logged into a cousin’s account to confirm this. He is connected to me at my request, and he also sees my son, even though I didn’t issue a connection request when his profile was active. My cousin does not see my husband in his Connections list.

          • I’m not sure I follow you. I have 5 profiles on my account and the Connections I have show up in all 5 profiles and the Connections my husband has shows up in all 5 profiles. Regardless, my Connections shouldn’t be showing up in any of the other profiles. I am pretty sure when I went in to remove the Connections it indicated my husband was sharing with my Connections. I will verify that once 23andMe figures out why I was kicked off the site last night. The Rep. I spoke to today was clueless and supposedly she was supposed to transfer me over to an “expert”, but hung up instead. Twice that has happened to me.

  21. We are launching a new membership this month: 23andMe+ Total Health.

    This will be our most advanced and comprehensive health membership combining clinical-grade exome sequencing, biannual blood testing and access to clinicians with training in genetics-based care. Members will get personalized recommendations with a focus on ongoing prevention and early detection.

    Total Health will be available to existing 23andMe customers as an upgrade in the spring of 2024. We are currently building a seamless upgrade experience for you to integrate your current account with the new membership, and we’ll be offering it to you at a special price. If you prefer to have immediate access, you can purchase with a different email address from your current 23andMe account, but please note that you will have two separate accounts.

    You can learn more here and sign up below to be notified when it’s available to you.

    The 23andMe Team

  22. Roberta,
    Thank you for the details in this post.
    Did every customer receive an email entitled “Update to our customers” or only customers that their information was compromised? This email is the only email I was able to find in my inbox.
    I was able to download my activity log, but I have questions about some of the activity. What does “authorized app” mean?
    I do have some IP addresses that are different than mine showing. I assume the ones with “Sharing invitation Accepted” is from the person I sent a request to share. Is this correct?
    The other unknown IP addresses appear to be someone getting into the acct, but I am not sure.
    And then there is the “API Mobile Login” entries…
    There are also some login entries with an unknown IP address with no logout entry, then there is a login entry from my IP address.
    This is all so confusing.
    23andMe is really dropping the ball on this issue. I have found their customer service to be lacking in service.

  23. An interesting development on my account. After downloading the event history log I decided to go in and stop sharing on all of the profiles on in my account. I also decided to remove all Connections. While I was doing that I received a couple of error messages that data was unable to load (or something to that effect). This came up on a couple of Connections, but I was able to move on to other Connections. All of a sudden I receive a different screen that had “Error 1015 You are being rate limited” Apparently I am banned by 23andMe and now I can not log in. Maybe someone is actually monitoring the site??? The error screen has “Performance & Security by Cloudflare”.

  24. I just got a call telling me my correct birth date and concerning my “DNA Test under Medicare”. The person was Indian. I could not understand him very well. It was a man. The phone number was 1 501 451 7486 ( out of Little Rock Arkansas).

    I just said ” Sorry I can’t understand you very well” who are you? What is this company”, “what is this about”, “sorry please repeat”. I kept up the “no-information” responses until the phone disconnected – about 1-2 minutes.

    So, I have 5000 relatives at 23&Me. I have a secure password and always did. I use unique passwords that I manage using Bitwarden.

    I have never had a DNA test paid for by Medicare.

    This is probably from the 23&Me leak but I have tree information a lot of places.

    I just thought I would post this here. I will report this to 23&Me.

    • I doubt this is related to 23andMe. Even if you chose to enter your birth year in your public profile, the bad actor would not have seen the month and date.

  25. Going through the event history log is so confusing. I downloaded my event history log and I am looking at the locations of some of the IP addresses and depending on which website I am using to look up the location of the IP address, I get three different locations for the same IP address. Example: one address is Washington, DC on one website and Connecticut on another. There is one website that indicated the IP address was either in Texas or Delaware.

    Added security to sign-in: I sent an email to FTDNA and to GedMatch to ask if they will be implementing Multi-Factor Authentication (MFA) to their login procedure. I did receive a reply from each. FTDNA said, “Thanks for contacting FamilyTreeDNA. We are currently working on MFA for our sign-in, but we do not have an exact date at this time.” GEDmatch said, “GEDmatch does not currently have two factor authentication. I am unable to comment on when such a feature would be added to GEDmatch.” I found GEDmatch’s response odd. Apparently they have had issues with forensic genealogists accessing accounts that did NOT opt in to allowing that access.

    I still haven’t received an explanation for being kicked off the 23andMe site while removing Connections. I didn’t even receive an email informing me that something had happened.

Leave a Reply