Technology

59424 readers

3341 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

828

23andMe tells victims it's their fault that their data was breached | TechCrunch (techcrunch.com)

submitted 10 months ago by [email protected] to c/[email protected]

276 comments fedilink hide all child comments

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 12 points 10 months ago (2 children)

I wonder if they can identify a genetic predisposition that these patients had that made them more prone to compromising their passwords? And then if so, was it REALLY their fault?

load more comments (2 replies)

[–] [email protected] 11 points 10 months ago (4 children)

I mean, it is kinda their fault in the first place for using an optional corporate service that stores very private data of yours which could be used in malicious ways.

load more comments (4 replies)

[–] [email protected] 9 points 10 months ago

This is the best summary I could come up with:

“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers.

The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.

“The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords.

23andMe’s attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever,” said Zavareei.

Lawyers with experience representing data breach victims told TechCrunch that the changes were “cynical,” “self-serving,” and “a desperate attempt” to protect itself and deter customers from going after the company.

The original article contains 721 words, the summary contains 184 words. Saved 74%. I'm a bot and I'm open source!

[–] [email protected] 7 points 10 months ago

From the article:

The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.

From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.

[–] [email protected] 7 points 10 months ago (1 children)

That headline sounds to me like them claiming "Y'all're a bunch of eejits for usin' our service!"

To which I'd say "Yeah sure, I'm certain that would hold up in court" with the biggest eye roll you could imagine

[–] [email protected] 8 points 10 months ago

23andMe

I never met a Geneticist who couldn't immediately recognize this company as a scam. The product wasn't the papers they send you after doing random marker tests once (so, false positives exist, and they never cared). The product is the DNA they collected by convincing people that their test was even remotely useful or insightful.

Its entirely based on correlation; and correlation to what? Geographic area? That makes no sense if you know one of any number of fields and many don't even have to be scientific in nature, or genetics.

I have always hated them, always told people to never use them and get themselves a proper 50x full genome sequencing since it costed the same; and actually provides real, resolute and reliable data. Not just like borderline pseudoscience. Might as well sent in the shape of your skull.

[–] [email protected] 6 points 10 months ago

Company involved in a data breach try not to blame customers challenge (impossible)

[–] [email protected] 6 points 10 months ago (1 children)

I knew better than to give thee companies my DNA but of course I've had family give it to them. I suppose if I was wanted for an unsolved murder I'd be a bit concerned, but I'm still not happy that anyone's DNA is compromised that I'm associated with.

The question to me is what's the play with that data. I'd assume they would have a use for it if they went to the trouble of stealing it. I suspect in the future this will be lucrative data, but what's the play right now??

load more comments (1 replies)

load more comments