DNAeXplained – Genetic Genealogy

What’s Changed? – Autosomal DNA Vendor Feature Changes Since the 23andMe Data Compromise

The 23andMe customer data compromise has reverberated throughout the technology industry, not limited to DNA testing.

The 23andMe compromise has provided the impetus for reflection and security and policy reviews at each DNA testing vendor.

That’s a good thing.

What has been and remains challenging is keeping track of which features have been disabled and are no longer available at each vendor as the vendors, including 23andMe, attempt to right themselves from this blow. Unfortunately, or maybe fortunately, we can’t just return to “business as usual.”

Some of these feature removals may only be paused, and a few have already returned. Some may never be resumed.

We don’t really know yet.

If you’re having trouble keeping track, welcome to the club.

The features that have been disabled are features that were exploited at 23andMe or could have been exploited by bad actors who signed on “as you,” exposing not only your data but that of your matches in one way or another.

To be very clear, there was no data leak or compromise at any other vendor, but some other vendors provide(d) similar features for their customers. Every vendor offering DNA testing to genealogists had to stop, pause, and reevaluate their security measures. That’s exactly what they should have done. Genetic genealogy is a team sport where compromising one person’s account exposes at least some information about thousands more individuals.

Every company has proceeded somewhat differently based on how their features work.

I’ve compiled a chart listing the four primary vendors alphabetically, with affected features.

The Scorecard

In this chart, “Not available” means the feature was available before the 23andMe incident but is not currently available.

| Feature | 23andMe | Ancestry | FamilyTreeDNA | MyHeritage |
| --- | --- | --- | --- | --- |
| Two-factor Authentication (2FA)[1] | Required | Required | Will be required for project administrators and available for all users[2] | Will be required soon. |
| Forced Password Reset | Yes | No | May be required for project administrators. | Yes |
| Match information download[3] | Not available | Never was available | Not available until after 2FA implementation | Not available |
| Matching segment download[4] | Not available | Never was available | Not available until after 2FA implementation | Not available |
| Shared matches[5] | Not available | Available[6] | Available | Available |
| Shared matches who match each other | Not available | Never was available | Available thru Matrix, but not segments | Partially available through triangulation |
| Shared matches match segments | Not available | Never was available | Never was available | Never was available |
| Shared matches relationship to each other | Not available | Never was available | Never was available | Predicted available |
| Triangulation | Not available | Never was available | Available[7] | Available |
| Chromosome Browser | Not available | Never was available | Available | Available |
| Daily matching or browse rate limited[8] | No | No | No | Yes |
| Shared ethnicity with matches[9] | Not available | Available | Available by opt-in | Not available |
| Filter matches by ethnicity | Never was available | Never was available | Never was available | Not available |
| Accepts 23andMe DNA file uploads | Not applicable | Never was available | Paused | Not restricted but not available because 23andMe does not currently allow the download of your raw data file |

Other features remain unchanged, so they are not mentioned.

I think I accounted for everything that has changed, including some features already resumed at MyHeritage.

23andMe has not stated if or when they will return any of the functionality that has been removed.

FamilyTreeDNA plans to return their paused features after 2FA has been implemented in early 2024.

Please note that this information may change at any time.

[1] There has been a great deal of gnashing of teeth surrounding 2FA and how it’s implemented at each vendor. If you experience issues, please contact the vendor in question.

[2] At FamilyTreeDNA, testers utilize a kit number as their username, not their name or email. Nowhere is the kit number publicly associated with the user’s name. In the 23andMe breach, users’ emails and passwords had been exposed in earlier breaches, so the hacker simply tried the same username and password at 23andMe, with great success. That scenario cannot occur at FamilyTreeDNA because the username is not the user’s email address, which is why 2FA is not required for users. Administrators can select their username, so they will be required to utilize 2FA soon.

[3] This means information about your DNA matches other than your matching segments, such as email address, maternal or paternal matches, notes, surnames, and other relevant information.

[4] Matching segment information for each match. Used for triangulation, ancestor identification, and at DNAPainter.

[5] Shared matches between you and another match.

[6] Ancestry has recently announced that they will require a membership to view several features available with a DNA test, including Common Ancestors (ThruLines), Notes, Trees, Groups, and filtering matches by unviewed status. These features will not be available to DNA testers without an Ancestry subscription.

[7] Available if maternal/paternal matching is enabled. When matching, each individual who matches the tester and other testers and is bucketed on the same maternal/paternal side will triangulate on at least one segment.

[8] This is to prevent data scraping if a bad actor gains access to your account.

[9] The 23andMe data was reported to have focused on both Jewish and Chinese customers.
