I am reading more on the vector of attack used on 23andme and it seems they used credentials from other data breaches. This never would have happend with MFA, even SMS confirmation would've been enough.
It's insane that a company that literally stores DNA data didn't have the most basic defenses against data breaches that would take an intern 15 minutes to read about.
It's insane that a company that literally stores DNA data didn't have the most basic defenses against data breaches that would take an intern 15 minutes to read about.