23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked::Firm says it didn’t realize customers were being hacked
23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked::Firm says it didn’t realize customers were being hacked
Ah ok, didn’t know we knew those details. I guess they found an API endpoint that allowed them to do this that isn’t exposed through the website.
The official RCA is credential stuffing.
Reused passwords are a bitch.
The main surprise is that you were able to get to genomic data with just a password. I thought it was only ever sent over email to the account email.
Maybe the attack involved changing email as well?