23andMe, a popular direct-to-consumer genetic testing service, recently notified its users about a security incident where attackers potentially accessed sensitive information, including genotype data, health reports, and other confidential details.
In a breach notification letter sent to affected users, 23andMe disclosed that the unauthorised access persisted for five months, from late April 2023 to September 2023. The breach resulted from a credential-stuffing attack, in which hackers exploited reused passwords to log in to user accounts, without an actual breach of the company’s systems.