In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September.
In other words, for around five months, 23andMe did not detect a series of cyberattacks where hackers were trying — and often succeeding — in brute-forcing access to customers’ accounts, according to a legally required filing 23andMe sent to California’s attorney general.
According to the company, 23andMe became aware of the breach in October when hackers advertised the stolen data in posts published on the unofficial 23andMe subreddit and separately on a notorious hacking forum.
The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.
Data breach lawyers called the terms of service changes “cynical,” “self-serving,” and “a desperate attempt” to protect 23andMe against its own customers.
“Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe,” 23andMe claimed in a letter to breach victims.
The original article contains 400 words, the summary contains 176 words. Saved 56%. I’m a bot and I’m open source!