23andMe maybe not really hacked
2024-01-04 01:55:59.838015+01 by Dan Lyke
23andMe tells victims it’s their fault that their data was breached
The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing.
From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.
I mean, my first reaction was to quote Otter from Animal House: "Flounder, you can't spend your whole life worrying about your mistakes! You fucked up... you trusted us! Hey, make the best of it! Maybe we can help."
But really, this is more about the whole trust model from engaging in the activity in the first place.