Biotech company 23andMe first disclosed a data breach affecting a portion of its customers back in October. The information was obtained in a credential stuffing attack. An SEC filing now reveals roughly 14,000 accounts were accessed, along with information on millions of users participating in the DNA Relatives feature.
One of the things I’ve been doing lately is snail mailing these companies their exact terms of service with the forced arbitration and class action waivers completely removed to their registered addresses with the same language that says “unless notified by mail, the continuation of service assumes that you agree to these terms.”
As of yet, no company has ever mailed me back and my service hasn’t been disabled.
Not sure how enforceable it is but I figure I can’t lose.
Fantastic work! Adding this to my tackle box of fuck-the-man-ery