After being hit with more than 30 lawsuits over the colossal data breach it experienced, 23andMe has sought to lay the blame at the victims’ feet to absolve itself of any liability, as evidenced by a letter the firm sent to a group of victims, obtained by TechCrunch.
Genetics testing company 23andMe is under fire. Instead of accepting its part in this monumental failure of data security, the company appears to have chosen to shift the blame onto its customers, as shared in an email to TechCrunch by Hassan Zavareei – one of the legal representatives of the victims.
Previously, in December, 23andMe confirmed that hackers had pilfered the genetic and ancestry data of an astounding 6.9 million users, which accounts for nearly half its customer base.
23andMe only started mandating 2-factor authentication on user accounts after the breach.
The breach began with the compromise of roughly 14,000 user accounts through credential stuffing. This technique involves brute-forcing accounts using passwords already known to be linked to the targeted customers.
This is why it’s important to use a random and unique password for every single account you have.
Fewer than 14,000 users may have been the initial victims, but the actions taken by these cyber criminals led to the exposure of the personal data of an additional 6.9 million users, who had granted access through the 23andMe DNA Relatives feature, which permits the automatic sharing of some customer data with individuals recognized as relatives on the platform.
However, neither 23andMe nor its legal advisor has responded to TechCrunch's requests for comment.