this post was submitted on 06 Oct 2023
393 points (97.1% liked)

World News

32077 readers
865 users here now

News from around the world!

Rules:

founded 4 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
393
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (www.wired.com)
submitted 11 months ago by [email protected] to c/[email protected]
105 comments fedilink hide all child comments
 

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 30 points 11 months ago (1 children)

Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

There's nothing special or new or unique or unforseen about the security requirements of 23andMe.

They absolutely failed to implement an appropriate level of security measures for their service.

Mandatory 2FA could've prevented this.

[–] [email protected] 5 points 11 months ago (2 children)

Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

[–] [email protected] 13 points 11 months ago

I mean, too bad. You're accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

[–] [email protected] 6 points 11 months ago (1 children)

Hence the key word: mandatory.

[–] [email protected] 1 points 11 months ago (1 children)

Oh I didn’t miss that. Would it be a good business decision for nascar to force people wanting to buy live tickets to eat a vegan meal?

[–] [email protected] 0 points 11 months ago

"We sent you an SMS with a 4 digit number, please type it in this box" is a pretty low bar.