Perfil da Organização
Organização23ANDME appears in the ARIN member directory for United States (US) as a company record. Current public evidence also covers 1 ASN, one supporting public reference. The directory country is treated as a RIR member/service-area source field...
23andMe is a risk and accountability case because the accountability issue is that one users account settings can expose information about relatives, so consent and security controls have to account for networked genetic identity rather than isolated account ownership. The public record matters for customers, relatives, regulators, genetic privacy advocates, researchers, identity thieves, acquirers, and platform operators needed evidence that customer choice, breach response, and data stewardship matched the sensitivity of genetic-social information.
The 23andMe credential-stuffing incident was not only an account-takeover case. It was a demonstration that a relationship feature can make one compromised account a common-mode exposure path for many people who did not reuse that account's password, did not approve the hostile session, and could not see the extraction as it happened. The accountable control question is therefore wider than login hygiene: who governed the shared graph, the default assurance level, the extraction cost, and the later ownership of genetic and family context?
The central fact of the 2023 23andMe incident is not that some customers reused passwords. It is that one successful login could reveal information about many genetic relatives who did not reuse that password, did not control the accessed account and could not see the session that exposed them. That shared-profile structure changes the accountability test: authentication defaults, relationship visibility, scraping controls, notification boundaries and cross-border data governance all have to be judged against the reach of an account, not merely the number of accounts taken over.