23andMe says it's your fault if you're among 6.9 million of its users affected by recent data breach


Key notes

  • A group of 14,000 23andMe accounts was the first set of victims that hackers targeted.
  • From them, the bad actors gained access to data from 6.9 million users.
  • 23andMe said in a recent letter to attorneys that recycled passwords are the culprit of the attack.

23andMe, a popular consumer genetic testing service, has shifted the blame entirely to its customers, following dozens of lawsuits filed against it after 6.9 million of its users were affected in a recent scandalous data breach.

A group of 14,000 23andMe accounts was the first set of victims that hackers targeted. From them, the bad actors gained access to data from 6.9 million users, including their relative profiles, family trees, etc. This incident was confirmed back in December last year.

TechCrunch, which first reported on this, reveals that the company has now sent a letter to attorneys who represent the victims. The company alleges that recycled passwords for login credentials are the culprit, but victims and their attorneys would disagree on that.

The letter reads, “Unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials.

“Users negligently recycled and failed to update their passwords following these past security incidents … Therefore, the incident was not a result of 23andMe’s alleged failure.”

This isn’t the first and only security breach to have happened at the company. DNA information of Jewish Ashkenazi users was reportedly stolen by a hacker back in October last year. The same hacker also said that another four million users were impacted.