The DNA Breach That Broke Trust

Plus: AI hits Wikipedia, Opera’s browser experiment, and a new tool for tracking art theft

Here’s what’s on our plate today:

  • 🧬 What killed 23andMe? A massive data breach. A public trust implosion.

  • 🧪 AI hurts Wikipedia, Opera debuts Neon, and artists track their stolen work.

  • 🧠 Roko’s Pro Tip: Build like breach lawsuits are inevitable.

  • 📊 Should genetic data companies face stricter regulations?

Let’s dive in. No floaties needed…

190,655 founders, investors, and leaders read this.

Founders and leaders who read Open Source CEO end up with 2.3x the cerebral horsepower of those who don’t.

Ok, we cannot actually prove that, but we think it’s about right. What we do know is that 190k+ readers from Google, TikTok, OpenAI, and Deel love our deep dive business content. Subscribe here to see what it’s all about.

*This is sponsored content

The Laboratory

Why 23andMe’s downfall is a lesson in data security and consumer trust

Few companies have managed to create the kind of impact in their area of operations as 23andMe. The company turned a simple DNA testing kit into a billion-dollar idea. It began with $99 direct-to-consumer DNA testing kits and went on to be named the "Invention of the Year" by Time magazine.

However, if you search the latest on 23andMe, you might be amazed to learn that the company was recently bought by Regeneron Pharmaceuticals for a total of $256 million through a bankruptcy auction.

So how did the idea of making DNA testing available for everyone become a billion-dollar company, and how did a billion-dollar company crash within months? Let us find out.

From spit parties to billion-dollar valuations

Founded in 2006 by Anne Wojcicki, Linda Avey, and Paul Cusenza, 23andMe aimed to make personal genomics accessible to consumers. While other companies like UK-based Sciona and Texas-based FamilyTreeDNA had already entered the market, none had the impact that 23andMe managed to create.

By 2007, through a series of ‘spit parties’—promotional cocktail parties where wealthy guests were encouraged to spit into tubes to be tested by the company—23andMe had made a name for itself. By 2008, it was named the Invention of the Year by Time magazine.

However, it was not all smooth sailing. In 2013, the FDA ordered the company to halt its health-related genetic tests, citing concerns over accuracy and potential for misinterpretation. But by 2015, the company managed to receive approval and started expanding its offerings.

By 2021, 23andMe had gone public through a merger with a special purpose acquisition company (SPAC), achieving a valuation of approximately $6 billion. This move was seen as a significant milestone, reflecting investor confidence in the growing field of consumer genomics.

When hackers crashed the party

In October 2023, 23andMe disclosed a data breach resulting from a credential stuffing attack, where attackers used previously compromised credentials from other breaches to access 23andMe user accounts.

Initially, the company reported that approximately 14,000 accounts were directly compromised. However, due to the interconnected nature of its DNA Relatives feature, which matches people with other members they may share ancestry with, additional information from millions of other profiles was exposed.

The company stated that data from about 6.9 million users was compromised. This included sensitive information such as display names, predicted relationships with others, the amount of DNA users share with matches, ancestry reports, self-reported locations, ancestor birth locations, family names, profile pictures, and more.
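The two mechanics described above, a credential-stuffing burst against many accounts and the way a linked-profile feature widens the blast radius of each compromised login, are easy to see in authentication telemetry. The following is an added example, not 23andMe's code or data: it parses a constructed login log (the line format, IPs and account names are invented for illustration), flags sources that hit many distinct accounts in a short window with mostly failures, and then counts how many additional profiles a hypothetical relatives graph exposes through the accounts that were successfully logged into.

```python
"""Detect a credential-stuffing pattern in login logs and size its blast radius.

Signature of stuffing: ONE source tries MANY distinct accounts in a short window,
almost all attempts fail, and a trickle succeed (users who reused a leaked password).
Brute force looks different: many attempts against ONE account.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_line(line: str) -> LoginEvent:
    # Constructed log format for this example: "<iso8601Z> ip=<addr> user=<id> result=ok|fail"
    ts_str, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return LoginEvent(ts, fields["ip"], fields["user"], fields["result"] == "ok")


def detect_stuffing(events, window=timedelta(minutes=10), min_users=15, min_fail_ratio=0.75):
    """Return {ip: summary} for sources that, inside any `window`, attempted at least
    `min_users` distinct accounts with a failure ratio >= `min_fail_ratio`.
    The summary covers every event from that source, so successes outside the
    triggering window are still listed as accounts needing a forced reset."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.ip].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # slide the window forward
                start += 1
            chunk = evs[start:end + 1]
            users = {e.user for e in chunk}
            fail_ratio = sum(not e.ok for e in chunk) / len(chunk)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                flagged[ip] = {
                    "distinct_users": len({e.user for e in evs}),
                    "attempts": len(evs),
                    "fail_ratio": round(sum(not e.ok for e in evs) / len(evs), 2),
                    "compromised": sorted(e.user for e in evs if e.ok),
                }
                break
    return flagged


def exposed_profiles(compromised, relatives):
    """Profiles readable through the compromised accounts' relative matches.
    `relatives` is a hypothetical map account -> set of matched accounts."""
    exposed = set()
    for account in compromised:
        exposed |= relatives.get(account, set())
    return exposed - set(compromised)


def build_sample_log() -> str:
    """Constructed sample: one stuffing burst, one brute-force burst, one normal user."""
    t0 = datetime(2023, 10, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Stuffing from 203.0.113.7: 40 leaked email/password pairs in 4 minutes, 2 still valid.
    for i in range(40):
        ts = t0 + timedelta(seconds=6 * i)
        result = "ok" if i in (11, 27) else "fail"
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} ip=203.0.113.7 user=user{i:02d}@example.com result={result}")
    # Brute force from 192.0.2.9: 30 attempts against a single account (not stuffing).
    for i in range(30):
        ts = t0 + timedelta(seconds=5 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} ip=192.0.2.9 user=ceo@example.com result=fail")
    # Legitimate user: two typos, then success.
    for i, r in enumerate(["fail", "fail", "ok"]):
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} ip=198.51.100.5 user=alice@example.com result={r}")
    return "\n".join(lines)


# Hypothetical relative matches: each compromised account reveals its matches' data.
SAMPLE_RELATIVES = {
    "user11@example.com": {"rel-a", "rel-b", "rel-c"},
    "user27@example.com": {"rel-c", "rel-d"},
}


def analyze(log_text: str):
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    flagged = detect_stuffing(events)
    compromised = sorted(u for s in flagged.values() for u in s["compromised"])
    return flagged, compromised, exposed_profiles(compromised, SAMPLE_RELATIVES)


if __name__ == "__main__":
    flagged, compromised, exposed = analyze(build_sample_log())
    for ip, summary in flagged.items():
        print(f"stuffing source {ip}: {summary}")
    print(f"{len(compromised)} accounts compromised, {len(exposed)} further profiles exposed via relatives")
```

The detector keys on distinct accounts per source rather than failures per account, which is what separates stuffing from brute force and from a user mistyping a password; the brute-force source in the sample is never flagged even though it fails more often. The second function makes the page's point numerically: two successful logins expose four other people's profiles, and the ratio only grows with the size of the relatives graph.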

Doubt and distrust spread

As 23andMe continued to share details of the attack, reports emerged raising doubts about its version of a credential stuffing attack.

Multiple users reported that they were certain their 23andMe usernames and passwords were unique and could not have been exposed in any other leak. This pointed to cracks in the account the company had given in its SEC filing, where it first reported the attack.

Reports also suggested that the claimed number of 6.9 million was lower than the actual number of impacted users.

After the attack, 23andMe updated its terms of service related to dispute resolutions and arbitration. The company stated these changes would “encourage a prompt resolution of any disputes” and “streamline arbitration proceedings where multiple similar claims are filed”. Essentially, users had to agree to a class-action waiver and a mandatory arbitration clause. The updated policy meant users had only 30 days to opt out, further increasing distrust.

Final chapter: Bankruptcy and acquisition

The breach led to significant public outcry and legal challenges. A lawsuit filed in January 2024 accused 23andMe of not doing enough to protect its customers. It also accused the company of not notifying certain customers with Chinese or Ashkenazi Jewish ancestry that their data was specifically targeted and spread on the dark web. The company later settled the suit for $30 million.

While dealing with the loss of public trust, 23andMe’s defense did more harm than good. The company defended itself by saying there was no way the breach could lead to real-world problems: “The information that was potentially accessed cannot be used for any harm”. It also blamed users who “negligently recycled and failed to update their passwords”. Cybersecurity professionals refer to the weaponization of these repeated digital keys as “credential stuffing” attacks.

However, multiple attorneys and genetic privacy experts argued the company should have anticipated such an attack and done far more to safeguard this highly sensitive, intimate data.

The Road Ends in Bankruptcy

23andMe struggled to recover from the disastrous data breach and its fallout. By April 2025, the company filed for bankruptcy, seeking to sell its business at auction due to declining consumer demand.

In May 2025, Regeneron Pharmaceuticals bought the company and promised to prioritize the ethical use of DNA data from customers using ancestry testing and other services.

The rise and fall of 23andMe highlights the critical importance of data security. Despite its groundbreaking innovation and initial success, the company's dramatic downfall illustrates how quickly consumer trust can evaporate when sensitive data is compromised.

The case of 23andMe is a stark reminder for businesses and consumers alike that robust data protection measures are essential. In today's digital world, ensuring the security of personal and sensitive information must be a top priority for all companies. 23andMe's story serves as a valuable lesson on the potential consequences of overlooking cybersecurity and the role it plays in not just preserving consumer trust but also the viability of a company's business plan.

Roko Pro Tip

💡 If your product involves personal data, your product is data security. No growth hack, viral stunt, or funding round can save you if people stop trusting you. Bake privacy into your stack before the breach—because after won’t matter.

Turn customer feedback into evidence that moves your product roadmap faster

Enterpret unifies tickets, reviews, and surveys in one place and auto-tags themes using AI. It helps PMs size impact by revenue, quantify affected users and why, package insights with verbatim quotes stakeholders remember, and track sentiment after launches.

Used by Canva and Notion to align stakeholders and ship higher-impact work, faster.

*This is sponsored content

Prompt Of The Day

You’re a founder running a consumer genomics startup. A breach exposes 3 million user profiles. What’s your first internal Slack message to the team?

Bite-Sized Brains

Tuesday Poll

🗳️ Should biotech companies be banned from using arbitration clauses after data breaches?


Meme Of The Day

Rate This Edition

What did you think of today's email?
