Credential Stuffing to 6.9M Exposures: 23andMe Breach Ends in $47M Penalty
The 2023 23andMe attack, which started with simply reusing leaked credentials, ultimately exposed the genetic and health data of 6.9 million users—and now costs $46.75 million. For cybersecurity teams, it is a textbook case of why basic anti‑credential‑stuffing controls and multi‑factor authentication are non‑negotiable for any platform holding sensitive data.