According to BleepingComputer, and based on input from 23andme, the threat actor accessed some of the company's user accounts through credential stuffing and then scraped the data of their DNA Relative matches.
According to the 23andme blog, the company believes criminals injected reused credentials from other breaches to gain access to its users' accounts.
[
add
]
[
|
|
...
]