23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
techcrunch.com
Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.


@nucleative@lemmy.world

This is so predictable. Large databases are valuable targets for theft.

It seems like the vulnerability at 23 was users who used the same password on another site.

Presumably the attackers had those databases (easy to obtain peeps, that's why we use different passwords and password managers) and a good script that let them log in and download. Probably over a whole lot of proxy IPs, so it was hard for 23 to see that they were under attack for a while.

Don’t know what else to say… Maybe 2 factor authentication should be more common. I guess with them you could spit on your monitor and it should log you in.

If that’s the only issue it seems a bit of a far reach to say they were breached.
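An added example, not part of the comment above and not 23andMe's code: it shows why a login run spread over many proxy IPs slips past per-IP failure counting, and how a site-wide count of distinct failing accounts per time window still exposes it. The events, thresholds and function names are all constructed for illustration.

```python
from collections import Counter, defaultdict

def build_events():
    """Constructed sample data: (minute, ip, username, success)."""
    events = []
    for i in range(30):                      # normal users, own IP each
        ip, user = f"198.51.100.{i}", f"user{i}"
        if i < 2:                            # two honest typos
            events.append((i % 10, ip, user, False))
        events.append((i % 10, ip, user, True))
    for i in range(200):                     # stuffing run, one try per proxy IP
        events.append((10 + i % 10, f"203.0.113.{i}", f"victim{i}", i % 34 == 0))
    return events

def per_ip_alerts(events, max_failures=5):
    """Classic per-IP lockout view: IPs with more than max_failures failures."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def window_alerts(events, window=10, min_failed_users=50, min_fail_ratio=0.5):
    """Site-wide view: flag time windows where many distinct accounts fail."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev[0] // window].append(ev)
    alerts = []
    for b, evs in sorted(buckets.items()):
        failed_users = {u for _, _, u, ok in evs if not ok}
        ratio = sum(1 for e in evs if not e[3]) / len(evs)
        if len(failed_users) >= min_failed_users and ratio >= min_fail_ratio:
            alerts.append({"window": b, "attempts": len(evs),
                           "fail_ratio": round(ratio, 2),
                           "failed_users": len(failed_users),
                           "ips": len({ip for _, ip, _, _ in evs})})
    return alerts

def accounts_to_review(events, alerts, window=10):
    """Successful logins inside a flagged window from an IP never seen before it."""
    flagged = {a["window"] for a in alerts}
    out = []
    for minute, ip, user, ok in events:
        b = minute // window
        seen_before = any(e[1] == ip and e[0] // window < b for e in events)
        if ok and b in flagged and not seen_before:
            out.append(user)
    return sorted(out)

if __name__ == "__main__":
    ev = build_events()
    alerts = window_alerts(ev)
    print(per_ip_alerts(ev), alerts, accounts_to_review(ev, alerts))
```

The per-IP check returns nothing because no single address fails more than once, while the windowed check flags the run and lists the accounts whose successful logins would warrant a forced password reset.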

@MataVatnik@lemmy.world

Would you let government collect DNA from people when they are born? Absolutely not, but I will definitely give it to a silicon valley start up who will then proceed to sell it and have it stolen.

@aelwero@lemmy.world

If you’re allowing a corporation to have it, you are giving de facto consent for government to collect it with zero regard for your rights whatsoever.

They have the greatest ability to buy it, the greatest ability to steal it, and a fairly unique ability to confiscate it.

@MataVatnik@lemmy.world

Good point with that last sentence.

@pdxfed@lemmy.world

Yeah but what about great aunt Marge? Don’t you want to know if it was Scotland or Denmark?!?

@abhibeckert@lemmy.world

I don’t see how government vs private makes any difference.

A baby isn’t capable of informed consent, so their DNA shouldn’t be collected unless it’s required for some medical reason (and then the sample should be immediately destroyed and no records kept).

If an adult, however, wants to voluntarily give these folks a DNA sample… well that’s their choice. I’m not surprised it ended poorly.

@fart_pickle@lemmy.world

There should be a mandatory test or exam before allowing companies to handle user data. And it should be perpetual.

Flying Squid

Hey, at least they weren’t put in the Jewish Database.

@MataVatnik@lemmy.world

deleted by creator

Two days ago they sent an update to their TOS that they will require arbitration and to reply to their legal department to “opt out”.

@Nurse_Robot@lemmy.world

I got the email from 23 and me about changing their terms of service as well (wordy for search engine optimization). I opted out of the change.

@blazeknave@lemmy.world

Thank you. Done.

@db2@sopuli.xyz

Probably not legal, but if it doesn’t get challenged…

Yet more evidence that we shouldn’t be handing over sensitive data to random companies. Will this change anyone’s behaviour? Sadly, probably not.

Didn’t they originally try to brush this off as credential stuffing and aggregation?

There should be harsher penalties around mishandling people’s data, especially if you lie about it to save face.

So I got an email today telling me that I would automatically accept their new ToS (which included barring me from class action lawsuits without 1-2 months of arbitration), but I could email them to refuse the change and keep the old ToS. I emailed them to refuse the change, was that a mistake?

@Haha@lemmy.world

No

@abhibeckert@lemmy.world

I find it hard to believe “not responding to an email” is consent. I mean they can write that in an email but there’s no way they could hold you to that in court.

@blazeknave@lemmy.world

It’s typical in software.

@guriinii@lemmy.world

Oh no, they know I’m 7.2% French.

@notannpc@lemmy.world

Ah, so they’ll miss out on a few sales of all that genetic data people pay them to collect. Boohoo.

And this, children, is why we don’t give deeply personal data to companies.
