Attackers were able to compromise 23andMe over five months beginning April 2023, enabling access to 5.5 million DNA Relatives profiles and details from 1.4 million users of the Family Tree feature, said the company in a disclosure in October.
It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.
Yes, they should have MFA, but also no, most sites and services don’t force you to use MFA to begin with.
This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users.
It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.
Yes, they should have MFA, but also no, most sites and services don’t force you to use MFA to begin with.
This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users.