What Could Have Stopped the 23andMe Hack?by@hillpot
529 reads

What Could Have Stopped the 23andMe Hack?

tldt arrow
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

In October 2023, 23andMe announced a data breach involving the theft of personal, genetic, and ethnic data of millions of users, subsequently sold on the dark web. The hackers employed "credential stuffing," using stolen username/password combinations from other sites, exploiting users' common practice of password reuse. This method exposed even accounts with strong passwords, as 23andMe's "DNA Relatives" feature interconnected user data. The incident highlights the inadequacy of relying solely on users for password security, emphasizing the need for stronger access control measures by websites. Alternatives to traditional password security are discussed, including password managers, multi-factor authentication (MFA), physical security keys like YubiKey, comprehensive security solutions like Cisco Duo, authenticator apps like Google Authenticator, and innovative technologies like Invysta, which turns login devices into physical security keys. Each option presents its own set of advantages, challenges, and vulnerabilities. The article stresses the evolving nature of digital security, especially as personal and sensitive data like DNA information becomes increasingly available online, urging the adoption of advanced cybersecurity measures to prevent such breaches.
featured image - What Could Have Stopped the 23andMe Hack?
Jeremy Hillpot HackerNoon profile picture


Jeremy Hillpot

Jeremy Hillpot offers a unique perspective on the latest trends in cybersecurity, data, crypto, and agrotechnology.

Receive Stories from @hillpot


react to story with heart


. . . comments & more!