Authorities in Canada and the UK have launched a joint investigation into a 23andMe data breach that occurred last October.
That’s when a threat actor posted on the Dark Web claiming possession of 23andMe profile information, ultimately releasing roughly 4 million company records. 23andMe launched an investigation, discovering that the breach was a credential-stuffing attack that affected around 7 million people.
The discovery of the attack led the company to blame the victims of the breach, saying they were negligent in reusing their passwords that had previously been exposed in past data breaches.
from Dark Reading – https://trl.ca/33p