23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked::Firm says it didn’t realize customers were being hacked

  • @[email protected]
    link
    fedilink
    English
    010 months ago

    Ah ok, didn’t know we knew those details. I guess they found an API endpoint that allowed them to do this that isn’t exposed through the website.

    • @[email protected]
      link
      fedilink
      English
      3
      edit-2
      10 months ago

      The official RCA is credential stuffing.

      Reused passwords are a bitch.

      The main surprise is that you were able to get to genomic data with just a password. I thought it was only ever sent over email to the account email.

      Maybe the attack involved changing email as well?