23andMe CEO Anne Wojcicki talks about how genetic genealogy is being used to solve cold cases and medical problems on The Claman Countdown.
Genetic testing company 23andMe The company is facing a class action lawsuit alleging that users' data was accessed without their permission. The breach was attributed to a customer who used a recycled password as login credentials for his account on the Home His DNA Company's website.
In a letter responding to lawyers representing customers whose data was breached, 23andMe said that the users targeted in the original breach were unable to use login credentials exposed in breaches involving other websites. As such, there was no violation under the California Privacy Rights Act. This is a tactic called “credential stuffing.” The letter was first reported by TechCrunch and independently confirmed by FOX Business.
The company reiterated its position when first disclosing the incident in October, calling it “an example in which a user reused their login credentials, i.e., a user reused the same username and password that had previously been used.'' In this example, an unauthorized attacker was able to gain access to a specific user account. 23andMe.com, like his other previously regulated websites, security breach, and users inadvertently recycled or failed to update their passwords after these past security incidents, which are unrelated to 23and Me. ”
The first incident targeted approximately 14,000 accounts of 23andMe users, and hackers used these accounts to access data of 6.9 million users. From his 14,000 accounts that were initially compromised, the hacker accessed information in approximately 5.5 million DNA kinship profiles and approximately 1.4 million genealogy trait profiles associated with the compromised accounts.
23ANDME confirms hackers accessed data of 6.9 million users
23andMe claims that its customers' lax security practices led to unauthorized access to their personal data. (Smith Collection/Gado/Getty Images)
The company announced in December that it had 14 million customer profiles at the time.
23andMe did not immediately respond to a request for comment.
| ticker | safety | last | change | change % |
|---|---|---|---|---|
| myself | 23andme Holding Company | 0.84 | -0.07 | -8.04% |
“Instead of acknowledging its role in this security disaster, 23andMe is denying the seriousness of these events,” Hassan Zavary, a lawyer representing victims who are filing a class action lawsuit against 23andMe, said in a statement. It appears that the company has decided to neglect its customers and leave its customers alone.” Provided to FOX Business.
He also said that “this breach affected millions of consumers whose data was exposed through the DNA relatives feature on the 23andMe platform.” do not have Because they were using recycled passwords. ”
23ANDME profile information of some customers appears on the dark web
Following this incident, 23andMe required customers to use two-factor authentication and reset their passwords. (Photo illustration: Pavlo Gonchar/SOPA Images/LightRocket via / Getty Images)
“Of those millions of accounts, only a few thousand have been compromised through credential stuffing,” Zavary added. “23andMe's attempt to avoid responsibility by blaming its customers does nothing to help the millions of consumers whose data was compromised through no fault of their own.”
Following the breach, the hackers posted approximately 1 million data points related to users of Ashkenazi Jewish heritage and similar data related to more than 300,000 Jewish users. chinese heritage.
CLICK HERE TO GET FOX BUSINESS ON THE GO
23andMe also took steps to change the names of its users. security protocols Require all new and existing users to use two-factor authentication and instruct all customers to reset their passwords.
The company's shares fell more than 8% in late afternoon trading Wednesday.
