• KyleKatarn@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    11 months ago

    The hackers initially got access to around 14,000 accounts using previously compromised login credentials, but they then used a feature of 23andMe to gain access to almost half of the company’s user base, or about 7 million accounts

    Is there more to the breach than just stolen passwords? What feature did they use and what access did they gain?

    • trebuchet
      link
      fedilink
      arrow-up
      8
      ·
      11 months ago

      I recall from previous coverage of this that there is a social network feature in the site where you can voluntarily share your info with friends and family.

      So 14,000 accounts got accessed via reused passwords and then that gave them access to 7 million people’s data because they chose previously to share info with those 14,000.