this post was submitted on 03 Jan 2024
19 points (100.0% liked)

Hacker News

A mirror of Hacker News' best submissions.

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago)

The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing. From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature.

From the description it sounds like they have a point. If people reuse their passwords and then get hacked, the hackers are going to have access to their full accounts, including any information shared with them.

How is this different than if hackers reused passwords and hacked into Facebook accounts and then saw the user's friends' profiles?