Last Friday, 23andMe confirmed something I've been worried about for years: someone's selling user data on crime forums. They tried to downplay it, calling the claims "unsubstantiated," but here's the thing - if your data's up for sale, does it really matter if they can't verify every detail?

The attackers used a scraping technique, basically grabbing bits of data from different accounts through the DNA Relative feature. You know, that opt-in thing that helps you find potential relatives? Yeah, that became the attack vector. They got into individual accounts and pieced together a massive dataset.

I've always been skeptical about storing genetic data online. Sure, companies tell you to use strong passwords and enable two-factor authentication, but this incident proves those safeguards aren't enough. MyHeritage had the same problem back in 2018 with 92 million users compromised. Seeing the same pattern repeat itself is frustrating.

The benefits of genealogy services are obvious - tracing your heritage, finding relatives you didn't know existed. But the risks are real and often underestimated. Remember when California law enforcement used GEDMatch to track down a suspect in a 40-year-old murder case? The suspect never even submitted their DNA - a relative's data was enough for a match.

This isn't going away. Every time we hand over our genetic data to these companies, we're taking a gamble on their security. I'm not saying don't use these services, but go in with your eyes open about what you're risking.