23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked::Firm says it didn’t realize customers were being hacked

  • huginn@feddit.it
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    10 months ago

    The official RCA is credential stuffing.

    Reused passwords are a bitch.

    The main surprise is that you were able to get to genomic data with just a password. I thought it was only ever sent over email to the account email.

    Maybe the attack involved changing email as well?