Here’s how the 23andMe hack happened and how different login-access control solutions could have stopped it.

Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity.

You can also check exclusive content about #cybersecurity, #access-control, #23andme-data-leak, #credential-stuffing, #data-breach-prevention, #data-breach, #recent-data-breach, #hackernoon-top-story, #hackernoon-es, #hackernoon-hi, #hackernoon-zh, #hackernoon-fr, #hackernoon-bn, #hackernoon-ru, #hackernoon-vi, #hackernoon-pt, #hackernoon-ja, #hackernoon-de, #hackernoon-ko, #hackernoon-tr, and more.

This story was written by: @hillpot. Learn more about this writer by checking @hillpot's about page,

and for more stories, please visit hackernoon.com.

In October 2023, 23andMe announced a data breach involving the theft of personal, genetic, and ethnic data of millions of users, subsequently sold on the dark web. The hackers employed "credential stuffing," using stolen username/password combinations from other sites, exploiting users' common practice of password reuse. This method exposed even accounts with strong passwords, as 23andMe's "DNA Relatives" feature interconnected user data. The incident highlights the inadequacy of relying solely on users for password security, emphasizing the need for stronger access control measures by websites.

Alternatives to traditional password security are discussed, including password managers, multi-factor authentication (MFA), physical security keys like YubiKey, comprehensive security solutions like Cisco Duo, authenticator apps like Google Authenticator, and innovative technologies like Invysta, which turns login devices into physical security keys. Each option presents its own set of advantages, challenges, and vulnerabilities. The article stresses the evolving nature of digital security, especially as personal and sensitive data like DNA information becomes increasingly available online, urging the adoption of advanced cybersecurity measures to prevent such breaches.