Security News > 2024 > January > Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.
The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA.".
"From a PR perspective, the response from the biotech company was described as striking completely the wrong tone. Yvonne Eskenzi, co-founder of infosec PR agency Eskenzi, said:"From a crisis comms standpoint, 23andMe's response to its breach misses the mark completely.
In the infosec industry, experts appear to be divided on the matter, although the majority opposed the stance of 23andMe.
Prior to the data breach in October, 23andMe did not mandate the use of 2FA, but said it has supported authenticator app-based 2FA since 2019.
The Register approached 23andMe for comment but it did not respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/04/23andme_victim_blaming_breach/
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)
- Henry Schein discloses data breach a year after ransomware attack (source)