this post was submitted on 03 Jan 2024
748 points (93.7% liked)

Technology

72414 readers
2873 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

you are viewing a single comment's thread
view the rest of the comments
[–] TheEighthDoctor@lemmy.world 19 points 2 years ago (27 children)

And I agree with them, I mean 23andMe should have a brute-force resistant login implementation and 2FA, but you know that when you create an account.

If you are reusing creds you should expect to be compromised pretty easily.

[–] Max_P@lemmy.max-p.me 28 points 2 years ago* (last edited 2 years ago) (13 children)

A successful breach of a family member's account due to their bad security shouldn't result in the breach of my account. That's the problem.

Edit: so people stop asking, here's their docs on DNA relatives: https://customercare.23andme.com/hc/en-us/articles/212170838

Showing your genetic ancestry results makes select information available to your matches in DNA Relatives

It clearly says select information, which one could reasonably assume is protecting of your privacy. All the reports seem to imply the hackers got access to much more than just the couple fun numbers the UI shows you.

At minimum I hold them responsible for not thinking this feature through enough that it could be used for racial profiling. That's the equivalent of being searchable on Facebook but they didn't think to not make your email, location and phone number available to everyone who searches for you. I want to be discoverable by my friends and family but I'm not intending to make more than my name and picture available.

[–] givesomefucks@lemmy.world 16 points 2 years ago* (last edited 2 years ago) (6 children)

A successful breach of a family member’s account due to their bad security shouldn’t result in the breach of my account. That’s the problem

I mean...

You volunteered to share your info with that person.

And that person reused a email/password that was compromised.

How can 23andme prevent that?

It sucks, but it's the fault of your relative that you entrusted with access to your information.

No different than if you handed them a hardcopy and they left it on the table of McDonald's .

Quick edit:

It sounds like you think your account would be compromised, that's not what happened. Only info you shared with the compromised relative becomes compromised. They don't magically get your password.

But you still choose to make it accessible to that relatives account by accepting their request to share

[–] dmonzel@lemmy.ml -2 points 2 years ago (1 children)

Could I please have your personal information?

[–] dpkonofa@lemmy.world 5 points 2 years ago (1 children)
[–] dmonzel@lemmy.ml 0 points 2 years ago (1 children)

Ok, who else would be able to give me your personal information. I'll go get it from them instead.

[–] dpkonofa@lemmy.world 4 points 2 years ago (1 children)

Your mom has my contact information. You can ask her.

/pwn3d.

[–] dmonzel@lemmy.ml -5 points 2 years ago (1 children)

Oh, so you're actually not consenting to have some personal information you've given to family given to me as well? Odd, you sure seemed ok when it was people having their information snagged from 23andMe.

[–] dpkonofa@lemmy.world 2 points 2 years ago

No, but I didn't consent to give that info to family either. If I was worried about my data getting in the hands of strangers, I wouldn't have shared it with strangers which is what happened here. Unless you count a 4th cousin that you've never met "family", why would you give them access to your data?

load more comments (4 replies)
load more comments (10 replies)
load more comments (23 replies)