Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

What is Mistral AI? Everything you need to know about the OpenAI competitor

Podcasting platform Riverside is getting into the newsletter game

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026

    Anthropic is discussing a new custom chip with Samsung

    3 July 2026

    Jersey Mike’s IPO shows just how bad the AI ​​hype has gotten

    3 July 2026

    OpenAI proposed donating 5% of its equity to a US sovereign wealth fund

    2 July 2026

    SpaceX has a prototype AI device, and it sure sounds like a phone

    2 July 2026
  • Apps

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026

    Meta quietly launches vibe-encoded Pocket gaming app

    3 July 2026

    Popular TV-watching app TV Time is shutting down as the company focuses on artificial intelligence

    2 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026

    South Korea’s tech giants pledge over $550 billion to ease ‘RAMageddon’

    30 June 2026
  • Media & Entertainment

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026

    Instagram looks set to take on streaming services with a longer, episodic and live format for its TV app

    22 June 2026
  • Security

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026
  • Startups

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026

    How to invest when everything is moving too fast

    24 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»23andMe tells victims it’s their fault their data was breached
Security

23andMe tells victims it’s their fault their data was breached

techtost.comBy techtost.com4 January 202404 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
23andme Tells Victims It's Their Fault Their Data Was Breached
Share
Facebook Twitter LinkedIn Pinterest Email

Facing more than 30 lawsuits from the victims of the massive data breach, 23andMe is now deflecting blame onto the victims themselves in an attempt to absolve itself of any responsibility; according to a letter sent to a victims’ group seen by TechCrunch.

“Instead of acknowledging its role in this data security disaster, 23andMe apparently decided to hang its customers out to dry by downplaying the seriousness of these events,” said Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe. TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of its customers.

The data breach started with the hackers accessing only about 14,000 user accounts. Hackers broke into this first set of victims by brute forcing accounts with passwords known to be associated with the targeted customers, a technique known as credential stuffing.

Of those initial 14,000 victims, however, the hackers were then able to gain access to the personal data of another 6.9 million victims because they had opted in to 23andMe’s DNA congeners feature. This optional feature allows customers to automatically share some of their data with people they consider related to them on the platform.

In other words, by breaking into the accounts of only 14,000 customers, the hackers then breached the personal data of another 6.9 million customers whose accounts were not directly compromised.

But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said “users negligently recycled and failed to update their passwords after these previous security incidents, which are unrelated with 23andMe.”

“Therefore, the incident was not the result of 23andMe’s alleged failure to maintain reasonable security measures,” the letter states.

Zavareei said 23andMe is “shamelessly” blaming victims of the data breach.

“That finger is stupid. 23andMe knew or should have known that many consumers use recycled passwords, and therefore 23andMe should have implemented some of the many safeguards available to protect against credential stuffing — especially considering that 23andMe stores personal information identification, health information and genetic information on its platform. Zavarei said in an email.

“The breach affected millions of consumers whose data was exposed through the DNA Relatives feature on the 23andMe platform, not because they used recycled passwords. Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe’s attempt to avoid responsibility by blaming its customers does nothing for the millions of consumers whose data was breached through no fault of their own,” Zavareei said.

Contact us

Do you have more information about the 23andMe incident? We would love to hear from you. Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.

In response to 23andMe’s letter, Dante Termohs, a 23andMe customer affected by the data breach, told TechCrunch that he found it “terrifying that 23andMe is trying to hide from the consequences instead of helping its customers.”

Lawyers for 23andMe argued that the stolen data cannot be used to cause financial harm to the victims.

“The potentially accessed information cannot be used for any harm. As explained in the October 6, 2023 blog post, the profile information that may have been accessed is related to the DNA Relatives feature that a customer creates and chooses to share with other users on the 23andMe platform. Such information would only be available if claimants positively choose to share that information with other users through the DNA Relatives feature. Furthermore, the information potentially obtained by the unauthorized actor about the plaintiffs could not have been used to cause property damage (it did not include the social security number, driver’s license number, or any payment or financing information),” the letter said .

23andMe and one of its lawyers did not respond to TechCrunch’s request for comment.

After the breach was disclosed, 23andMe reset all customer passwords and then required all customers to use multi-factor authentication, which was only optional before the breach.

In an effort to pre-empt the inevitable class-action lawsuits and mass arbitration claims, 23andMe changed its terms of service to make it more difficult for victims to join together when filing a legal claim against the company. Lawyers with experience representing data breach victims told TechCrunch that the changes were “cynical,” “self-serving” and “a desperate attempt” to protect and prevent customers from going after the company.

Clearly, the changes didn’t stop what is now an upheaval class actions.

23 and I 23andMe breached cyber security data data breach fault group action hacker Hacking tells victims
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCloud-native cybersecurity startup Aqua Security raises $60 million and remains a unicorn
Next Article Urbanista integrates Powerfoyle technology with solar-powered headphones
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026

Omen AI’s plan to optimize data centers is all wet

30 June 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

What is Mistral AI? Everything you need to know about the OpenAI competitor

4 July 2026

Podcasting platform Riverside is getting into the newsletter game

4 July 2026

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

4 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Last chance to apply — Startup Battlefield Australia applications close on 6 July

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.