Security News > 2024 > January > Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.
The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA.".
"From a PR perspective, the response from the biotech company was described as striking completely the wrong tone. Yvonne Eskenzi, co-founder of infosec PR agency Eskenzi, said:"From a crisis comms standpoint, 23andMe's response to its breach misses the mark completely.
In the infosec industry, experts appear to be divided on the matter, although the majority opposed the stance of 23andMe.
Prior to the data breach in October, 23andMe did not mandate the use of 2FA, but said it has supported authenticator app-based 2FA since 2019.
The Register approached 23andMe for comment but it did not respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/04/23andme_victim_blaming_breach/
Related news
- Free, France’s second largest ISP, confirms data breach after leak (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- How to Effectively Manage a Data Breach (source)
- Amazon confirms employee data breach after vendor hack (source)
- HIBP notifies 57 million people of Hot Topic data breach (source)
- US space tech giant Maxar discloses employee data breach (source)
- Fintech giant Finastra investigates data breach after SFTP hack (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Texas Tech University System data breach impacts 1.4 million patients (source)