Image Credits: David Paul Morris/Bloomberg / Getty Images

In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September.

In other words, for around five months, 23andMe did not detect a series of cyberattacks where hackers were trying, and often succeeding, in brute-forcing access to customers’ accounts, according to a legally required filing 23andMe sent to California’s attorney general.

Months after the hackers started targeting 23andMe customers, the company revealed that hackers had stolen the ancestry and genetic data of 6.9 million users, or about half of its customers.

According to the company, 23andMe became aware of the breach in October when hackers advertised the stolen data in posts published on the unofficial 23andMe subreddit and separately on a notorious hacking forum. 23andMe also did not notice that the hackers advertised the stolen data on another hacking forum months earlier in August, as TechCrunch reported.

As 23andMe later admitted, hackers were able to access the accounts of around 14,000 customers by brute-forcing into accounts that were using passwords already made public and associated with email addresses from other breaches. With access to those accounts, the hackers stole data on 6.9 million customers by way of the DNA Relatives feature, which lets customers automatically share some of their data with others that 23andMe classifies as relatives. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.

23andMe spokespeople did not immediately respond to TechCrunch’s request for comment, which included questions about how the breach went undetected for so long.

After customers were notified that they were victims of the breach, several victims have filed class action lawsuits against 23andMe in the U.S. and Canada, even though the company tried to make it harder for victims to band together in legal actions by changing its terms of service. Data breach lawyers called the terms of service changes “cynical,” “self-serving,” and “a desperate attempt” to protect 23andMe against its own customers.

In one of the lawsuits, 23andMe responded by blaming users for allegedly using reused passwords.

“Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe,” 23andMe claimed in a letter to breach victims. “The incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.”