this post was submitted on 06 Oct 2023
170 points (93.4% liked)

Technology

59374 readers
7834 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 43 points 1 year ago (2 children)

On one hand, it was inevitable. 23andMe is one sweet pot. We’ve always known genetic data would one day be used for nefarious purposes and consumer were warned back then to be cautious with what they were signing up for. On the other, how in the world did they not better safeguard and isolate user data? I’d expect encryption and safeguards on par with a password manager like 1Password.

The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives

I know I have the DNA relative feature enabled but I would’ve never imagined that was scrapeable and a vulnerability.

[–] [email protected] 22 points 1 year ago* (last edited 1 year ago)

All data is scrapable. It's just a matter of how difficult it is to scrape and whether it's worth the effort.

Assume anything you see or input is being captured, because it almost always is, even if it's just because WiFi can trace your physical outline, or a street camera saw you unlock your phone, or your fingerprint is can be copied from a door handle.

The only place that data is mostly still secure is literally your brain, but even then, that can be compromised with a bottle of booze.

how in the world did they not better safeguard and isolate user data?

It's realistically impossible to 100% do this, unfortunately. 20+ year old security flaws are discovered alarmingly frequently, and once the wrong person knows about the right exploit, they can automate entire global attacks. Automated attacks make up a lot of global internet traffic.

Imagine there are physical medieval castles with moats with crocodiles and turrets and an entire defending army with ballistas... but doors randomly appear in the external walls, and bridges instantly construct over the moat, and entire sections of walls can disappear unexpectedly. When there is an infinitely replenishable enemy army attacking that castle, they're going to get in eventually. That is what the internet is, but digitally.

Humans write code, and humans aren't perfect, so neither is their code. And anything Humans make or do, a different human will try to destroy or exploit it, that is guaranteed. It's a problem we've had for as long as we've been organisms.

[–] [email protected] 11 points 1 year ago

I know I have the DNA relative feature enabled but I would’ve never imagined that was scrapeable and a vulnerability.

if it's viewable in a browser, it can be scraped.

You can make it more annoying for scrapers, but in the end, you need to show stuff to your users, and that's what scrapers basically emulate in the end.

And as for being a vulnerability: Finding the murderer of a cold case