
Infosec experts divided over 23andMe’s ‘victim-blaming’ stance on data breach

January 4, 2024

23andMe users’ godawful password practices were supposedly to blame for the biotech company’s October data disaster, according to its legal reps.

Nope, the biotech firm’s infrastructure management was certainly not at fault in any way when 6.9 million users had their data compromised after some 14,000 accounts were broken into via credential stuffing.

Users recycling credentials compromised in separate, unrelated breaches has been pinpointed by 23andMe as the main reason why a boatload of data ended up in the hands of cybercriminals. The lack of mandatory 2/MFA or checks for compromised credentials used on the site, for example, is not cited as a significant influence.

Read More on The Register