23andMe Faces Backlash for Blaming Users for Massive Data Breach

The genetic testing company, under fire for a breach affecting 6.9 million users, claims victims' recycled passwords are to blame.

23andMe, a genetic testing company, is facing over 30 lawsuits following a data breach that affected nearly half of its users, approximately 6.9 million people.
The breach began with hackers accessing around 14,000 user accounts through a technique known as credential stuffing, using passwords associated with the targeted customers from other breaches.
Through 23andMe’s DNA Relatives feature, which allows customers to share some of their data with potential relatives on the platform, the hackers were able to access the personal data of the remaining 6.9 million victims.
23andMe has sent a letter to the victims blaming them for the breach, stating that the users 'negligently recycled and failed to update their passwords following these past security incidents'.
Following the breach, 23andMe reset all customer passwords and made multi-factor authentication mandatory for all users.