So yeah, about blaming your users...

"Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts.

It also said the malicious activity was only detected in October after seeing a Reddit post related to the sale of the data, rather than internal security tooling picking up on the mess."

https://www.theregister.com/2024/01/26/23_and_me_breach_filing/

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses

The Register
@siliconshecky I know beyond a shadow of a doubt that 23&Me isn’t being truthful. I know an account holder that used a unique password for their account. That password was not reused anywhere & was of sufficient length & complexity that it would be highly unlikely anyone would randomly duplicate it. That person got a notice that their data was leaked. So their blaming users isn’t the whole story!