this post was submitted on 26 Jan 2024
324 points (98.5% liked)
Technology
59390 readers
2763 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's only after they broke in.
So to be clear: the attackers logged into people's accounts, using those people's passwords that they stole from other sites, and then got access to those people's data and the data shared with those people.
I don't see how any of this is a hack. If you gave me your login and password, then I would be able to do the same thing. Is that hacking?
The "unauthorized access" portion is what makes it a hack. It's not a super technical hack, but it's a hack.
Ahhh, I always forget that use of the term. In that case yes.
the heck was when they got the username and password. this is just the extended consequences because people use the same password for everything.
That is correct. But they didn't get that from 23andMe. They got the username and password from other sites that were hacked, and the affected users were those that had the same password on 23andme. This is not a 23andMe security issue.
that's kind of fair, but part of the point is that they didn't even need to access the accounts of people that were compromised. they just needed to access someone who was related to them to access their genetic info.