23andMe, the DNA-Testing Company, Blames Its Users for Data Breach - The Messenger

Some 6.9 million people's 23andMe accounts were compromised as a result of the Oct. 6 breach

This illustration picture shows a saliva collection kit for DNA testing displayed in Washington DC on December 19, 2018. (Eric Baradat/AFP via Getty Images)

The home DNA testing company 23andMe has sent a letter to customers whose accounts were compromised in a data breach, stating that the company is not to blame for the incident.

The letter reiterates the company's position, as previously reported in The Messenger, that a number of users recycled passwords that had been compromised in data breaches targeting other websites, which provided a key for bad actors to gain entry into 23andMe's DNA Relative matching feature and compromise millions of users' information.

By recycling passwords, the company means the common, but inadvisable, practice of using one password for multiple online accounts.

In a letter to lawyer Hassan Zavareei, who is representing 23andMe users in a class-action lawsuit against the company over the breach, 23andMe's lawyers state that "the incident was a result of users' failure to safeguard their own account credentials, for which 23andMe bears no responsibility."

The breach occurred on Oct. 6, 2023. In December, the company admitted that 6.9 million people, half its reported user base, were affected by the incident. All of the people affected had opted in to the service's DNA Relative feature, which links up potential family members based on their genetic information.

The company is facing multiple lawsuits over the data breach that collectively allege it has failed to protect users' information. 23andMe denies this allegation.

Speaking to The Messenger, privacy lawyer Albert Fox Cahn said that pinning blame on users was "absolutely maddening."

"The effort to brazenly minimize the scale of the hack and what each hacked account potentially says about its users is, to me, disingenuous," he added. 23andMe has denied any genetic or health information was compromised in the attack.

Since the breach, 23andMe has instituted a two-step authentication process as the default and asked users to reset their passwords.
