In a startling turn of events following the 23andMe data leak update released today, the popular DNA analysis is grappling with the aftermath of a massive backlash, resulting in a cascade of over 30 lawsuits from affected users. Contrary to expectations of a swift and responsible response, 23andMe has chosen an unconventional path by deflecting blame onto its own customers.
In a letter sent to a group of victims, the company suggests that the breach occurred due to users negligently recycling passwords, downplaying its own role in the data security disaster. The company, known for providing insights into ancestry and genetic predispositions, finds itself under intense scrutiny for its handling of the situation.
Breaking Down the 23andMe Data Leak and the Blame Game
In a bid to distance itself from culpability, 23andMe insists that users failed to update passwords following unrelated security incidents. The company contends that the breach was not a result of its alleged failure to maintain reasonable security measures, sparking criticism for what some consider a misplaced attempt to shift responsibility.
The company’s latest update on the 23andMe data breach reads, “In early October, we learned that a threat actor accessed a select number of individual 23andMe.com accounts through a process called credential stuffing. That is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously compromised or otherwise available.”
Adding to the 23andMe data leak update, the company said, “We do not have any indication that there was a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks. ”
The 23andMe data breach, which came to light in December, revealed that hackers had stolen genetic and ancestry data from a staggering 6.9 million users, nearly half of 23andMe’s customer base. The company’s recent update sheds light on the incident, indicating that threat actors utilized a technique known as credential stuffing to access select user accounts.
23andMe Faces 30+ Lawsuits Following the Data Breach
The initial breach targeted around 14,000 user accounts, exploiting passwords associated with targeted customers. However, the situation escalated as the hackers, having gained access to this subset, were able to scrape personal data from an additional 6.9 million customers who had opted into the 23andMe DNA Relatives feature.
The Cyber Express, in an attempt to learn more about the fallout of the 23andMe data breach, reached out to the organization. However, at the time of writing this, no official statement or response has been received.
The fallout from the breach has led to more than 30 lawsuits, with users expressing discontent over 23andMe’s handling of the situation. Critics argue that the company should have implemented better safeguards, considering the sensitive nature of the information it stores.
As the 23andMe data breach continues to unfold, the company faces not only the technical challenges of securing its platform but also the daunting task of regaining user trust.
The blame game initiated by 23andMe has further fueled discontent among users and the broader community, highlighting the need for a more transparent and accountable approach in the face of such cyber incidents.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.