In the Light of 23andMe Security Incident
Following up on the recent security breach of 23andMe that impacted around 14,000 customer accounts, the security incident underscored the utilization of a cybersecurity tactic known as “credential stuffing,” where unauthorized access is gained by exploiting known passwords, potentially sourced from previous data breaches.
As per a new filing, the information, which typically encompassed details about ancestry and, in some cases, health-related data derived from users’ genetics, was acquired through a credential-stuffing attack. In this type of cyber attack, hackers leveraged login details obtained from previously breached websites to gain unauthorized access to users’ accounts on various platforms.
The threat actor not only breached individual accounts but also accessed numerous files containing profile information about other users’ ancestry. These files were originally shared by users who opted in to 23andMe’s DNA Relatives feature, and the compromised information was subsequently posted online by the attackers.
Let’s Understand ‘Credential Stuffing’
Credential stuffing is a cyber attack method in which attackers use automated tools to systematically and rapidly input large volumes of username and password combinations (credentials) into online login forms. These credentials are typically obtained from previous data breaches or leaks on other
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: