The 23andMe breach of confidential information based on genetic analysis appears to have been caused by users using identical login information across multiple platforms. Previous data breaches were able to obtain email and password combinations from other companies, which rendered the user accounts for 23andMe vulnerable to attack individually. Many businesses require password changes to avoid this kind of vulnerability, but it is not common practice among consumer-facing logins.
