Security News > 2024 > January > Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.
The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA.".
"From a PR perspective, the response from the biotech company was described as striking completely the wrong tone. Yvonne Eskenzi, co-founder of infosec PR agency Eskenzi, said:"From a crisis comms standpoint, 23andMe's response to its breach misses the mark completely.
In the infosec industry, experts appear to be divided on the matter, although the majority opposed the stance of 23andMe.
Prior to the data breach in October, 23andMe did not mandate the use of 2FA, but said it has supported authenticator app-based 2FA since 2019.
The Register approached 23andMe for comment but it did not respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/04/23andme_victim_blaming_breach/
Related news
- 23andMe to pay $30 million in genetics data breach settlement (source)
- Fortinet confirms data breach after hacker claims to steal 440GB of files (source)
- 23andMe settles class-action breach lawsuit for $30 million (source)
- AT&T pays $13 million FCC settlement over 2023 data breach (source)
- Dell investigates data breach claims after hacker leaks employee info (source)
- Disney ditching Slack after massive July data breach (source)
- A data leak and a data breach (source)
- U.S. govt agency CMS says data breach impacted 3.1 million people (source)
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)