Comment on Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA
dpkonofa@lemmy.world 1 year agoIt wasn’t a data leak. It was an authorization incursion brought on by users using the same username/email and password combo on other sites that had been compromised. If people don’t have 2FA enabled for these accounts, then it’s on them. There’s literally nothing that 23andme can do about a situation like that when unauthorized users have both the email and password for an account without 2FA. They might have been able to force 2FA on accounts but it’s too late for that when other accounts are compromised.
eager_eagle@lemmy.world 1 year ago
ah that’s right, my bad. I remember not being sure if the credential reuse thing was 23andMe trying to downplay the attack, but it seems to really be the case. Not much to worry then.