23andMe blames users for data breach, citing recycled passwords

Genetic testing company 23andMe is facing a class-action lawsuit after user data was accessed without authorization, a breach that blames customers who used a recycled password as login credentials for their account on the site. local DNA company website.

23andMe wrote in a letter in response to attorneys representing customers whose data was exposed that no breach occurred under the provisions of the California Privacy Rights Act because the users targeted in the initial breach were using login credentials. session that had been exposed in violations involving other websites through use. of a tactic called “credential stuffing.” The letter was first reported by TechCrunch and independently confirmed by FOX Business.

The company reiterated the position it took when it first disclosed the incident in October, writing that “unauthorized actors gained access to certain user accounts in cases where users recycled their own login credentials, i.e. Users were using the same usernames and passwords used on 23andMe.com as on other websites that had been subject to previous security breaches, and users negligently recycled and failed to update their passwords after these past security incidents, which are not related to 23and Me.”

23andMe blamed users for a data breach. fake images

Around 14,000 23andMe user accounts were attacked in the initial incident and hackers used those accounts to access the data of 6.9 million users. Of the initial 14,000 accounts breached, the hacker accessed information from approximately 5.5 million DNA Relatives profiles and approximately 1.4 million Family Tree role profiles connected to the compromised accounts.

The company said in December that it had 14 million customer profiles at the time.

See also  Who is Tyler Gustin? The cast of Flash Grant Gustin Brother

23andMe did not immediately respond to a request for comment.

“Instead of acknowledging its role in this security disaster, 23andMe has apparently decided to leave its customers stranded while downplaying the seriousness of these events,” Hassan Zavareei, an attorney representing victims filing a class-action lawsuit against 23andMe. provided to FOX Business.

It also noted that “the breach affected millions of consumers whose data was exposed through the DNA Relatives feature on the 23andMe platform. No because they used recycled passwords.”

23andMe HeadquartersAround 14,000 23andMe user accounts were attacked in the initial incident and hackers used those accounts to access the data of 6.9 million users. fake images

“Of those millions, only a few thousand accounts were compromised due to credential stuffing,” Zavareei added. “23andMe’s attempt to avoid liability by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own.”

In the wake of the breach, hackers published approximately 1 million data points associated with users of Ashkenazi Jewish descent and similar data related to more than 300,000 users of Chinese descent.

23andMe also took steps to change user security protocols by requiring the use of two-factor authentication for all new and existing users and also ordering each customer to reset their password.

The company’s shares fell more than 8% during afternoon trading on Wednesday.

Categories: Trending
Source: vtt.edu.vn

Leave a Comment