In a surprising turn of events following the 23andMe data leak update released today, the popular DNA analysis is grappling with the aftermath of a massive backlash, leading to a cascade of more than 30 lawsuits from the part of the users concerned. Contrary to expectations for a quick and responsible response, 23andMe took an unconventional route by placing the blame on its own customers.
In a letter sent to a group of victims, the company suggests that the breach occurred due to users’ careless recycling of passwords, downplaying its own role in the data security disaster. The company, known for providing information on ancestry and genetic predispositions, is under scrutiny for its handling of the situation.
Breaking down the 23andMe data leak and the blame game
In order to distance oneself from guilt, 23andMe insists that users failed to update their passwords following unrelated security incidents. The company maintains that the infringe was not the result of its alleged failure to maintain reasonable security measures, drawing criticism for what some see as a misplaced attempt to shift blame.
The company’s latest update on the 23andMe data breach states: “In early October, we learned that a malicious actor had accessed a number of individual 23andMe.com accounts through a process called credential stuffing. That is, the usernames and passwords used on 23andMe.com were the same as those used on other previously compromised or available websites.
Added to 23andMe data leak update, the company said: “We have no indication that there was a data security incident in our systems, or that 23andMe was the source of the account credentials used in these attacks. »
THE 23andMe data breach, revealed in December, revealed that hackers had stolen genetic and ancestry data on a staggering 6.9 million users, almost half of 23andMe’s customer base. The company’s recent update sheds light on the incident, indicating that malicious actors used a technique known as credential stuffing to gain access to certain user accounts.
23andMe faces more than 30 lawsuits over data breach
The initial breach targeted approximately 14,000 user accounts, exploiting passwords associated with targeted customers. However, the situation worsened when hackers, having accessed this subset, were able to recover the personal data of an additional 6.9 million customers who had opted into the 23andMe DNA Relatives feature.
The Cyber Express, in an attempt to learn more about the consequences of the 23andMe data breach, contacted the organization. However, at the time of writing, no official statement or response has been received.
The aftermath of the breach led to more than 30 lawsuits, with users expressing their dissatisfaction with 23andMe’s handling of the situation. Critics argue that the company should have put better protections in place, given the sensitive nature of the information it stores.
As the 23andMe data breach continues to spread, the company faces not only the technical challenges of securing its platform, but also the daunting task of regaining user trust.
The blame game launched by 23andMe has further fueled discontent among users and the broader community, highlighting the need for a more transparent and accountable approach to such phenomena. cyber incidents.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.