23andMe’s fall from $6 billion to nearly $0 — a valuation collapse of 98% from its peak in 2021::undefined

  • JohnEdwa
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    11 months ago

    The “hacker” gained access with a valid username and password gained from a completely unrelated leak because users were reusing passwords, logging in using a botnet & VPN to spread them out so they looked legit to 23andme. They then “hacked” the user data by going into the opt-in feature of the site that specifically you have to agree to share your data with any person they believe to be related to you, and read what it said.

    So about as much as I hacked my school principals emails as a kid by reading the password of a teacher on a post-it note and opening their email client to see what messages the principal had sent them.