Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection of data breach notifications filed with California’s attorney general Rob Bonta, 23andMe revealed attackers were using credential stuffing techniques between April 29 and September 27, 2023.
Source: The Register