Oddbean new post about | logout
Ian Campbell | 1 years ago (raw) | export | reply | flag 
 23andMe: "Oh it's everyone else's fault, it's credential stuffing."

But that's worse, right? You get how not having credential stuffing mitigations in your fucking gene registry is worse?
Ian Campbell | 1 years ago (raw) | root | parent | reply | flag 
 

https://masto.deoan.org/system/media_attachments/files/111/190/484/528/661/160/original/c5b11bbadd4bd247.png
87d90b24 | 1 years ago (raw) | root | parent | reply | flag 
 @3e3ce96c @111841bb I cannot think of worse customer data to lose than this.
6bee7ae6 | 1 years ago (raw) | root | parent | reply | flag 
 @3e3ce96c 
Wait wait wait and WHAT!

7 million customer datasets breached by credential stuffing 30 million users?
This sounds off to me (actually rather like bullshit). I agree that too many people reuse passwords, but I doubt that ~25% of the users reuse passwords and their passwords are known from other breaches.

This rather sounds like credential stuffing of a privileged account. This would also explain how it was possible to target specific ethnic groups