Genetic testing firm 23andMe has suffered a data breach. 

1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.

It appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles

@90657cc1's story has all the details we know so far: 
 https://www.wired.com/story/23andme-credential-stuffing-data-stolen/ #cybersecurity #news #tech #23andme #infosec 

 @8bf54812 @90657cc1 

Is credential stuffing considered a "data breach"? This seems like the blame is more on the users for reusing passwords than on the company, no?

Related: I would love to have this testing done, but only under the condition that I could get my results and then the data would be deleted immediately and entirely from their system.