Remember 23andMe (ME)?
The genetic-testing company burst into the mainstream within the past decade. It convinced millions of people to swab their cheeks for fun and science.
At one point, it felt like 23andMe would eventually hold the DNA of almost every American.
The company went public in 2021. Its shares closed as high as $13.25 that November.
But since then, things haven’t gone well for 23andMe…
It turns out that most folks didn’t want to just give away their most personal information. So business stalled. And 23andMe realized that it would take a lot more marketing to grow.
The stock currently trades at around $0.85 per share. That’s a roughly 94% decline.
In other words, investors who bought and held their shares essentially got wiped out.
You might think that it couldn’t get worse than that for 23andMe. But it just did.
In short, 23andMe recently lost some of the data that defines us as humans…
That’s right…
Hackers have breached 23andMe.
Now, to be clear, it doesn’t look like the hackers directly accessed any genetic information.
But they did get their hands on a lot of details. The hacked items include family trees, family names, birth years, location data, and almost every type of ancestry-related data.
Put simply, it’s the worst-case scenario for 23andMe. And it’s a dark day for consumer data.
I want to focus specifically on one part of this story today. That’s because understanding this detail could help you save hundreds of thousands of dollars in the long run.
You see, the 23andMe breach started with a specific exploit. It’s called “credential stuffing.”
Credential stuffing is the practice of taking breached data from one website and trying it on another. Sometimes, the hackers find a match. And they can instantly access the account.
Folks, here’s the important point…
The mainstream media is misleading you when it comes to modern-day hackers.
These days, “hacking” has almost nothing to do with a kid in a dark room “cracking” a password. Almost all data breaches now come from mundane operations – like checking to see if a person has reused a password across multiple websites.
Hackers also try “phishing” unsuspecting folks. They try to trick you into clicking a link that takes you to a website that looks like a real website – and then they steal your information.
Now, if you’re reading this essay, you’ve likely been on the Internet for quite some time. And statistically speaking, you’re likely reusing your passwords in one way or another…
Only 35% of Americans report using a unique password for every website. And 13% admit that they use the same password for every website.
That’s an alarming statistic. But anything greater than zero makes the hackers’ jobs easier.
So folks, this is your reminder…
If you have any doubt about the passwords that protect your sensitive data, change them.
Better yet, turn on “two-factor authentication.” Then, you’ll get a text message or an e-mail with a unique code each time you log in. And if someone else is trying, they won’t succeed.
Without these basic steps, you could be risking your financial security. Or like what just happened to 23andMe users, you could be risking the very data that makes us human.
Good investing,
Vic Lederman
