> Nothing on 23andme’s end failed unless you consider someone using a correct user/pass combo while not being the owner as a fail on the part of 23andMe rather than the end user.
Well not recognizing you have 14k logins coming from the same place, possibly with a lot coming from someplace else than the last login on the account, is definitely a failure on their part. That's why more and more websites send you emails to allow logins from a new location. Or have login rate-limiters (too many request from your network).
I wonder how easy it is to have the location (at least country) of a user from the breached data, to use bots in the appropriate country and evade "login from a new location" protections. I guess easy enough if whole accounts have leaked.
If was indeed a DB leak, as claimed, some sites will have emails/hashes/passwords/last know login location/ip potentially. It’s not a stretch to think that a botnet could run from not only the same country but even the same region or city as the last known login or IP cluster.
Well not recognizing you have 14k logins coming from the same place, possibly with a lot coming from someplace else than the last login on the account, is definitely a failure on their part. That's why more and more websites send you emails to allow logins from a new location. Or have login rate-limiters (too many request from your network).