23andMe blames users for data breach, citing recycled passwords

23andme Logo Building Getty.jpg

Genetic testing company 23andMe is facing a class action lawsuit after users’ data was accessed without authorization – a breach it blames on customers who used a recycled password as login credentials for their account on the home DNA firm’s website.

23andMe wrote in a letter responding to attorneys representing customers whose data was exposed that no breach occurred under the provisions of the California Privacy Rights Act because users targeted in the initial breach were using login credentials that had been exposed in breaches involving other websites through the use of a tactic called “credential stuffing.” The letter was first reported by TechCrunch and confirmed independently by FOX Business.

The company reiterated the position it took when it first revealed the incident in October, writing that “unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials – that is, users, used the same usernames and…

Read the rest: Source link

Check out our business apps and business podcasts sections, you will be inspired with the type of content we have there.

Exit mobile version