23andMe Blames Data Breach Victims for Massive Data Breach – Is that Really Fair?

23andMe Blames Customers for Password Reuse in Response to Lawsuit Filed by Victims

Introduction

In a shocking turn of events, 23andMe, the popular genetic testing company, is deflecting blame onto the victims of its massive data breach. With over 30 lawsuits filed against them, 23andMe seems to be grasping at straws to absolve themselves of any responsibility. Let’s delve into the details and examine whether this blame game is justified.

The Data Breach

Back in December, 23andMe confessed to a data breach that exposed the genetic and ancestry data of a staggering 6.9 million users, nearly half of its customer base [^1^]. The breach started with hackers targeting 14,000 user accounts by using a technique called “credential stuffing,” where they used passwords known to be associated with those accounts [^2^]. However, things took a turn for the worse when the hackers realized they could access the personal data of the other 6.9 million customers through 23andMe’s DNA Relatives feature [^3^].

In a surprising twist, 23andMe has argued in a letter to the victims that the breach occurred because users “negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe” [^1^]. Essentially, they are shifting the blame to the victims themselves and claiming that their breach was not a result of inadequate security measures on their part [^1^].

The Victims’ Perspective

Unsurprisingly, the victims and their lawyers are not buying into this blame game. Hassan Zavareei, one of the lawyers representing the victims, called out 23andMe for “shamelessly” blaming the customers [^1^]. Zavareei argues that 23andMe should have implemented safeguards against credential stuffing, considering the sensitive nature of the data they handle [^1^]. Moreover, the breach affected millions of consumers who used the DNA Relatives feature, which is entirely unrelated to recycled passwords [^1^].
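One form a safeguard against credential stuffing can take is detection in the login log: a single source that tries many distinct accounts in a short window and succeeds on very few of them. The Python below is an added example, not taken from the article or from 23andMe; the event format, thresholds, and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_events():
    """Constructed login events: (timestamp, source IP, username, success)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # One source trying a different account every 2 seconds; 1 login in 40 succeeds.
    for i in range(40):
        events.append((t0 + timedelta(seconds=2 * i), "203.0.113.7", f"user{i}", i == 17))
    # An ordinary user who mistypes a password twice, then gets in.
    for i, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(seconds=30 * i), "198.51.100.20", "alice", ok))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=20,
                    max_success_ratio=0.1):
    """Flag sources that try many distinct accounts in one window with few successes.

    Thresholds are illustrative assumptions. Returns
    {source_ip: {"accounts": int, "attempts": int, "compromised": [usernames]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            accounts = {user for _, user, _ in win}
            hits = sorted({user for _, user, ok in win if ok})
            ratio = sum(ok for _, _, ok in win) / len(win)
            if len(accounts) < min_accounts or ratio > max_success_ratio:
                continue
            # Keep the widest window seen for this source.
            if ip not in flagged or len(accounts) > flagged[ip]["accounts"]:
                flagged[ip] = {"accounts": len(accounts), "attempts": len(win),
                               "compromised": hits}
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(sample_events()).items():
        print(ip, info)
```

The `compromised` list is the part a response team acts on first: those are the accounts whose passwords and sessions need resetting. A per-source threshold is one signal among several and sits alongside controls such as multi-factor authentication.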

Dante Termohs, a 23andMe customer, expressed his disappointment, stating that it’s “appalling that 23andMe is attempting to hide from consequences instead of helping its customers” [^1^]. It seems that customers expected better protection and support from a company holding their most personal and intimate data.

Despite 23andMe’s attempts to downplay the impact of the stolen data, lawyers argue otherwise. They maintain that the stolen information can indeed be used for harm, given the sensitivity of genetic and personal identifying information [^1^]. While it is true that the stolen data did not include social security numbers, driver’s license numbers, or payment information, it doesn’t discount the potential risks and the violation of privacy [^1^].

In response to the breach, 23andMe reset all customer passwords and made multi-factor authentication mandatory [^1^]. These measures were undoubtedly necessary but came a little too late. The company also changed its terms of service to make it more difficult for victims to come together in legal action against them [^1^]. However, these cynical changes did not deter a surge of class-action lawsuits against the company [^1^].

Q&A: What You Need to Know

Q: How can I protect myself from data breaches?
A: While data breaches are often out of your control, there are steps you can take to enhance your security. Strong and unique passwords, enabled two-factor authentication, and regular monitoring of your accounts are crucial in safeguarding your personal information.

Q: What are the potential risks of a data breach involving genetic and personal identifying information?
A: Genetic and personal identifying information is highly sensitive and can be used for various nefarious purposes. It can be leveraged for identity theft, genetic discrimination, and unauthorized access to your medical history.

Q: Are there any similar cases of data breaches in the genetic testing industry?
A: Yes, unfortunately, there have been other notable data breaches in the genetic testing industry. An example is the breach experienced by MyHeritage in 2018, where the data of 92 million users was compromised [^4^].

The Fallout and Future Implications

The aftermath of this data breach and the ensuing legal battle will have significant consequences for both 23andMe and the genetic testing industry as a whole. Companies will face increasing pressure to prioritize robust security measures and be held accountable for any negligence in protecting user data. As customers become more aware of the risks and demand better security practices, companies like 23andMe will need to step up their game.

Conclusion

23andMe’s attempt to shift the blame onto its customers raises important questions about the responsibility of companies in safeguarding user data. While it is essential for individuals to take precautions to protect themselves, companies handling sensitive data must also bear the responsibility of implementing robust security measures. As the legal battle unfolds, it’s crucial for users to stay informed and demand better protection of their personal information.

References:

– [^1^] 23andMe Blames Data Breach Victims for Massive Data Breach
– [^2^] Hackers stole the genetic and ancestry data of 23andMe users
– [^3^] All About DNA Relatives Feature
– [^4^] MyHeritage Data Breach
