this post was submitted on 24 Jan 2024
115 points (97.5% liked)

Privacy

1213 readers
83 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] kylekatarn 18 points 9 months ago (1 children)

The hackers initially got access to around 14,000 accounts using previously compromised login credentials, but they then used a feature of 23andMe to gain access to almost half of the company's user base, or about 7 million accounts

Is there more to the breach than just stolen passwords? What feature did they use and what access did they gain?

[โ€“] [email protected] 9 points 9 months ago

I recall from previous coverage of this that there is a social network feature in the site where you can voluntarily share your info with friends and family.

So 14,000 accounts got accessed via reused passwords and then that gave them access to 7 million people's data because they chose previously to share info with those 14,000.