this post was submitted on 06 Oct 2023
392 points (97.1% liked)

World News

32283 readers
535 users here now

News from around the world!

Rules:

founded 5 years ago
MODERATORS
 

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

top 50 comments
sorted by: hot top controversial new old
[–] vlad76@lemmy.sdf.org 184 points 1 year ago (1 children)

And that's exactly what people were worried might happen.

[–] kn33@lemmy.world 77 points 1 year ago (1 children)

This was incredibly predictable

[–] ArbiterXero@lemmy.world 37 points 1 year ago

But they promised!

[–] Omega_Haxors@lemmy.ml 101 points 1 year ago (1 children)

If people were actually taught history they would have known exactly what their genetic information being in a registry would result in.

[–] blandy@lemmy.ml 24 points 1 year ago

Ooof.

IBM and the Holocaust by Edwin Black should be standard reading for high school students.

[–] ikiru@lemmy.ml 87 points 1 year ago (9 children)

I can't believe people voluntarily sent them their DNA.

[–] batmangrundies@lemmy.world 72 points 1 year ago (1 children)

The worst part is it you have enough family members who used these services your details are likely on there too.

[–] kungen@feddit.nu 17 points 1 year ago (3 children)

Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I'm glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

It's a shame though, because family genetic networking is interesting, but it just goes to show you can't trust these companies. (Even though the company didn't really do anything truly wrong in this case, as it's simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

[–] rcbrk@lemmy.ml 30 points 1 year ago (1 children)

Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

There's nothing special or new or unique or unforseen about the security requirements of 23andMe.

They absolutely failed to implement an appropriate level of security measures for their service.

Mandatory 2FA could've prevented this.

[–] Parabola@lemmy.world 5 points 1 year ago (2 children)

Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

[–] clanginator@lemmy.world 13 points 1 year ago

I mean, too bad. You're accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

[–] rcbrk@lemmy.ml 6 points 1 year ago (2 children)

Hence the key word: mandatory.

load more comments (2 replies)
[–] macracanthorhynchus@mander.xyz 11 points 1 year ago

Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You're not really keeping any secrets by hiding your Y chromosome away.

[–] GentriFriedRice@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

It's not really like they are storing DNA sequences anyways. They use a genotyping array which just reads ~650k single nucleotide polymorphisms (SNPs).

An analogy would be 23andme has a 6.4mil page book of DNA for a single customer but they only know the position and letter of single character on every tenth page. Sure it's enough to identify someone (You can confidently use 50 SNPs to identify these days) but it's not like 23andme was ever storing a whole genome

[–] avidamoeba@lemmy.ca 19 points 1 year ago

They also sent your DNA involuntarily. You can be IDed of someone in your genetic vicinity has sent theirs. They don't even need to be super close.

[–] jordanlund@lemmy.world 15 points 1 year ago (3 children)

I sent mine in because 75% of my DNA comes from sources unknown to me. It's been interesting seeing what pops up.

load more comments (3 replies)
[–] DessertStorms@kbin.social 12 points 1 year ago* (last edited 1 year ago) (12 children)

Top notch victim blaming you got there...

ETA because I don't engage with bigots:
Imagine that, the descendants of one of the biggest genocides in history want to try and piece their history together, and use the available tools to do it with, fucking shocker..
Then, when they continue getting targeted just for existing, privileged ignorant bigots who couldn't even imagine what having over 90% of their community gassed is like, and have never been oppressed for who they are a day in their lives, simply can't help themselves but jump to justify them being attacked again:

tHe bAstArDs dEseRve eVerYthInG tHey GeT!!11

And somehow not a word about the attackers, nor the company that failed its customers.

Sure, antisemitic Jan..🙄🙄🙄

[–] ikiru@lemmy.ml 5 points 1 year ago
load more comments (11 replies)
load more comments (5 replies)
[–] Taleya@aussie.zone 42 points 1 year ago (1 children)
[–] Lumun@lemmy.zip 7 points 1 year ago
[–] saigot@lemmy.ca 39 points 1 year ago (2 children)

The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives.

The information does not appear to include actual, raw genetic data.

[–] Saik0Shinigami@lemmy.saik0.com 37 points 1 year ago (1 children)

This doesn't absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before. That should raise red flags. No, Fred from California shouldn't be logging in from a vpn based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.

Users are dumb. This is why there's tools to track odd behavior and clamp down on it.

[–] skippedtoc@lemmy.world 8 points 1 year ago* (last edited 1 year ago) (10 children)

"This doesn't absolve them of anything"

Of course it does. "Security" based on behaviour tracking is not the expected default like you are making it to be. (neither should it be.)

[–] wildginger@lemmy.myserv.one 3 points 1 year ago (4 children)

Thats how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.

Why would I not expect the same level of security for a piece of my medical data? Thats just as important as my money.

load more comments (4 replies)
load more comments (9 replies)
load more comments (1 replies)
[–] BertramDitore@lemmy.world 28 points 1 year ago

And people wonder why I’m paranoid about privacy…

[–] FIST_FILLET@lemmy.ml 25 points 1 year ago (2 children)

a lot of people in these comments who live in privacy-conscious bubbles and aren’t very familiar with “normal” people

[–] funkless_eck@sh.itjust.works 11 points 1 year ago

there's also this attitude that certain users never did anything wrong. YouSureAboutThat.jpg

They never signed up for anything that compromised their privacy?

Also, we all live in abodes with wooden doors and glass windows that anyone with a rock or a stick can break into. Doesn't mean we deserve to be murdered in our sleep.

[–] sevenapples@lemmygrad.ml 6 points 1 year ago* (last edited 1 year ago) (1 children)

The fact that big companies collect and sell your data is common knowledge now, definitely not something esoteric that only people in privacy-conscious bubbles know of. However, "normal" people refuse to not follow every trend or get inconvenienced.

load more comments (1 replies)
[–] ExcursionInversion@lemmy.world 24 points 1 year ago

This is why you don't reuse passwords

[–] Akasazh@feddit.nl 15 points 1 year ago

The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.

From the article. Way to sensationalize a title...

[–] S_204@lemmy.world 10 points 1 year ago (3 children)

My uncle tried to get me to do this for his family tree project.

Super happy I didn't cave to his persistence.

Wonder what the angle of targeting Jews is here? Are they trying to figure out why they've got stomach issues or something?

[–] creamed_eels@toast.ooo 17 points 1 year ago

Wonder what the angle of targeting Jews is here?

…are you seriously asking? I can’t figure out if you’re trolling here. I’m going to go out on a limb and guess it wasn’t breached by a group of geneticists looking to cure Tay-Sachs.

[–] wildginger@lemmy.myserv.one 13 points 1 year ago (5 children)

I mean, targeting jews is obvious, no? Some racial purity freaks are trying to target the genetic root of a minority group.

23andMe basically drafted up a list of as many jewish descendants as they could get, which means the lunatics can use it as an easy list of targets.

Heres hoping the fuckers get caught before they can do anything with the data.

load more comments (5 replies)
[–] blterrible@lemmy.ml 4 points 1 year ago

There's a whole conspiracy regarding Covid that RFK Jr. is blathering about. Supposedly this data breach targeted Jews and Chinese folks. I'm assuming that it's related in some way, but it's not clear how.

load more comments
view more: next ›