As we now know, a threat actor recently attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom.
23andMe soon said it had determined that hackers only accessed around 0.1% of user accounts through their credential stuffing attacks – about 14,000 of them. But this was enough to use the ‘DNA Relatives’ feature and scrape millions of individuals’ data.
23andMe confirmed recently that a total of 6.9 million people were impacted by the breach.
Cybersecurity measures were quite obviously lacking at 23andMe. Unsurprisingly, multiple class action claims have already been filed against the company in various American and Canadian states.
Emails sent to customers about this change state that users have up to 30 days after receiving the email notification to notify 23andMe at [email protected] that they disagree with the new terms.
Those who send an email disputing the update will remain on the previous Terms of Service. In other words, if you don’t explicitly tell 23andMe you disagree with the new terms, you’re locked into them automatically.
“Needless to say, them wanting to pre-empt a class action suit means that most likely there’s way worse revelations yet to come,” said @thomasfuchs, an eagle-eyed Mastodon user who first saw the update on 23andMe’s website.