this post was submitted on 03 Jan 2024
777 points (94.0% liked)

Technology

58108 readers
5153 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
777
23andMe tells victims it's their fault that their data was breached | TechCrunch (techcrunch.com)
submitted 8 months ago by Eezyville@sh.itjust.works to c/technology@lemmy.world
246 comments fedilink hide all child comments
 

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] autotldr@lemmings.world 9 points 8 months ago

This is the best summary I could come up with:

“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers.

The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.

“The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords.

23andMe’s attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever,” said Zavareei.

Lawyers with experience representing data breach victims told TechCrunch that the changes were “cynical,” “self-serving,” and “a desperate attempt” to protect itself and deter customers from going after the company.

The original article contains 721 words, the summary contains 184 words. Saved 74%. I'm a bot and I'm open source!

[–] Iron_Lynx@lemmy.world 7 points 8 months ago (1 children)

That headline sounds to me like them claiming "Y'all're a bunch of eejits for usin' our service!"

To which I'd say "Yeah sure, I'm certain that would hold up in court" with the biggest eye roll you could imagine

[–] shehackedyou@lemmy.world 9 points 8 months ago

23andMe

I never met a Geneticist who couldn't immediately recognize this company as a scam. The product wasn't the papers they send you after doing random marker tests once (so, false positives exist, and they never cared). The product is the DNA they collected by convincing people that their test was even remotely useful or insightful.

Its entirely based on correlation; and correlation to what? Geographic area? That makes no sense if you know one of any number of fields and many don't even have to be scientific in nature, or genetics.

I have always hated them, always told people to never use them and get themselves a proper 50x full genome sequencing since it costed the same; and actually provides real, resolute and reliable data. Not just like borderline pseudoscience. Might as well sent in the shape of your skull.

[–] RaincoatsGeorge@lemmy.zip 6 points 8 months ago (1 children)

I knew better than to give thee companies my DNA but of course I've had family give it to them. I suppose if I was wanted for an unsolved murder I'd be a bit concerned, but I'm still not happy that anyone's DNA is compromised that I'm associated with.

The question to me is what's the play with that data. I'd assume they would have a use for it if they went to the trouble of stealing it. I suspect in the future this will be lucrative data, but what's the play right now??

load more comments (1 replies)
[–] ClassyHatter@sopuli.xyz 6 points 8 months ago

From the article:

The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.

From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.

load more comments
view more: ‹ prev next ›