I’m honestly asking what the impact to the users is from this breach.
The stolen info was used to create databases of people with Jewish ancestry that were sold on the dark web. I think there was a list of similar DB of people with Chinese ancestry.
23andme's poor security practices have directly helped violent white supremacists find targets.
hoshikarakitaridia@sh.itjust.works 10 months ago
That’s not how this works. They are running internationally, and GDPR would hit them like a brick if they did that.
I would assume they had some deals with law enforcement to transmit data in narrow circumstances.
This is different. This is a breach and if you have a company taking care of such sensitive data, it’s your job to do the best you can to protect it. If they really do blame this on the users, they are in for a class action and a hefty fine from the EU, especially now that they’ve established even more guidelines towards companies regarding the maintenance of sensitive data. This will hurt in some regard.
givesomefucks@lemmy.world 10 months ago
It’s not that they said:
What they said was (paraphrasing):
Which, honestly?
Completely valid. The only way to stop this would be for 23andme to monitor these “hack lists” and notify any email that also has an account on their website.
Side note:
Any tech company can provide info if asked by the police. The good ones require a warrant first, but as data owners they can provide it without a warrant.
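The monitoring idea from the comment above (checking a leaked credential list against a site's own accounts and contacting the matches), as an added example that is not part of the thread and not 23andMe's code. The account store, its schema, the PBKDF2 settings and the leaked lines are all constructed assumptions.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed account store (hypothetical schema): email -> salt + password hash
USERS = {
    "alice@example.com": make_user("Summer2019!"),
    "bob@example.com": make_user("k3#unique-passphrase"),
}

# Constructed leak in the common "email:password" combo-list form
LEAKED = """\
Alice@Example.com:Summer2019!
bob@example.com:hunter2
carol@example.net:qwerty
malformed line without separator
"""

def triage_leak(dump: str, users: dict) -> dict:
    """Map each affected local account to 'force_reset' or 'notify'."""
    actions = {}
    for line in dump.splitlines():
        email, sep, password = line.strip().partition(":")
        if not sep:
            continue  # not an email:password pair
        email = email.strip().lower()
        user = users.get(email)
        if user is None:
            continue  # address has no account on this site
        candidate = hash_password(password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            actions[email] = "force_reset"  # reused password is still valid here
        else:
            actions.setdefault(email, "notify")  # address exposed elsewhere
    return actions

if __name__ == "__main__":
    for email, action in triage_leak(LEAKED, USERS).items():
        print(email, action)
```

The check only works for lists the site can actually obtain, so it does nothing for a dataset that is sold privately and never published.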
LUHG_HANI@lemmy.world 10 months ago
That’s not 23andMe's fault at all then. Basically boils down to password reuse. All I would say is they should have provided 2FA if they didn’t.
52fighters@kbin.social 10 months ago
At this point, every company not using 2FA is at fault for data hacks. Most people using the internet have logins to 100s of sites. Knowing where to go to change all your passwords is nearly impossible for a seasoned internet user.
dpkonofa@lemmy.world 10 months ago
Unfortunately, from the information that I’ve seen, the hack lists didn’t have these credentials. HIBP is the most popular one and it’s claimed that the database used for these wasn’t posted publicly but was instead sold on the dark web. I’m sure there’s some overlap with previous lists if people used the same passwords but the specific dataset in this case wasn’t made public like others.