Technology

58303 readers

19 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

205

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits (www.wired.com)

submitted 10 months ago by [email protected] to c/[email protected]

27 comments fedilink hide all child comments

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits::Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 29 points 10 months ago (3 children)

The real issue was the DNA Relatives feature, which allowed information to be shared with other users in the platform. From this TechCrunch article

by hacking into only 14,000 customers’ accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked

There are 6.9 million people who could have been using 2FA and unique passwords, and their personal information was scrapped just because of 14k accounts which were reusing passwords.

[–] [email protected] 13 points 10 months ago* (last edited 10 months ago) (1 children)

This data of 6.9M users was not private anyways after these users opted into the program. It's really not a leak.

[–] [email protected] 5 points 10 months ago

Agreed, although name and nationality isn't really private information to begin with. Just based on the numbers, it seems like it was sharing the information too broadly, probably to 4th cousins twice removed. When users opted in to this feature, the intent was for distant relatives to be able to connect, not to show up on a list of Eastern European Jews to be shared on 4chan.

[–] [email protected] 4 points 10 months ago (1 children)

If I give my credit card to my sister, and she drops it, that's not MasterCard's fault. If they were very concerned, they should've made sure their relatives were trustworthy.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

A better example might be your sister has the keys to your house and a note out on the counter with a label that says "surewhynotlem's house key."

A home intruder finds the key, and now has information on where the key can be used. When your house is robbed, it isn't the locksmith who is to blame.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago)

I'd say it's more like you gave your mom your SSN (or similar private information) because she said she needed it for her will or something. When you gave it to her she mumbled she'd share it with your sister too. You weren't really paying attention and just went "yuh huh" when you probably should have told her not to. Your sister uses one key for everything and a burglar got a copy of that key from an earlier burglarly. The burglar eventually used the key to rob her and took your SSN, which he's now selling.

Mom=23andme

Sister=relative

"yuh huh"=not disabling "DNA Relatives" sharing feature

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

DNA Relatives was an opt-in program, so you had to choose to share your data. To their knowledge, they were data-sharing with their relatives.

Once again, what is a system supposed to do when given the correct login credentials?

Because this is normal behavior when logged in with correct credentials.