23andMe Didn’t Notice That They Got Pwned For Five Months… WTF??
So if you haven’t been keeping track of the ongoing story of 23andMe being pwned in epic fashion, here’s a quick update:
- In October of last year, it came to light that 23andMe got pwned and millions of customers were affected
- The company then put a number to them being pwned
- 23andMe then tried to cover themselves from being sued for being pwned by altering their terms of service
Let’s fast forward to today. According to a filing that was sent to California’s attorney general, the hack actually started in April 2023 and continued until September. That’s five months. Five months where threat actors were able to do their evil work. And what’s worse than that is the fact that 23andMe only found out about this when the threat actors started posting the data on the unofficial subreddit for 23andMe. Now it’s pretty bad when you get pwned. It’s worse when you don’t know about it for months and you only find out about it because someone was browsing Reddit. Which to me suggests that 23andMe was seriously asleep at the switch. 23andMe seriously needs to be sued out of existence because this is frankly unacceptable. And this level of #fail needs to be punished severely.
January 31, 2024 at 8:40 am
[…] that I have about this is that they discovered that they were pwned within a week. While not nearly as bad as 23andMe who were pwned for months before they found out, it highlights that if you can’t keep the bad guys out, at least you should be able to detect […]