Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
Monument@lemmy.sdf.org 10 months ago
Those are my questions, too. It boggles my mind that so many accounts didn’t seem to raise a red flag. Did 23&Me have any sort of suspicious behavior detection?
And how did those breached accounts access that much data without it being observed as an obvious pattern?
douglasg14b@lemmy.world 10 months ago
If the accounts were logged into from geographically similar locations at normal volumes then it wouldn’t look too out of the ordinary.
The part that would probably look suspicious would be the increase in traffic from data exfiltration. However, that would probably be a low priority alert for most engineering orgs.
sudneo@lemmy.world 10 months ago
I mean, device fingerprinting is used for this purpose. Then there is the geographic pattern, the IP reputation etc. Any difference -> ask MFA.
Cloudflare, Imperva, Akamai I believe all offer these services. These are some of the players who can help against this type of attack, plus of course in-house tools. If you decide to collect sensitive data, you should also provide appropriate security. If you don’t want to pay for services, force MFA at every login.
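
Added example, not part of the thread or any vendor's product: a minimal sketch of the "any difference -> ask MFA" check discussed above, combining per-account device and country history, IP reputation, and a cross-account count of accounts seen per device fingerprint. The class name, signal names, threshold and sample values are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed stand-in for an IP reputation feed (documentation address range).
BAD_REPUTATION_IPS = {"203.0.113.7"}
# Assumed threshold: one device fingerprint logging in to more accounts than this is suspicious.
MAX_ACCOUNTS_PER_DEVICE = 3

@dataclass
class History:
    devices: set = field(default_factory=set)    # fingerprints that completed a login
    countries: set = field(default_factory=set)  # countries that completed a login

class StepUpPolicy:
    def __init__(self):
        self.history = defaultdict(History)      # account -> known context
        self.device_accounts = defaultdict(set)  # fingerprint -> accounts it attempted

    def signals(self, account, device, country, ip):
        """Return every way this attempt differs from what is known."""
        known = self.history[account]
        self.device_accounts[device].add(account)
        found = []
        if device not in known.devices:
            found.append("new_device")
        if country not in known.countries:
            found.append("new_country")
        if ip in BAD_REPUTATION_IPS:
            found.append("bad_ip_reputation")
        # Catches credential stuffing that stays in one region at normal volume.
        if len(self.device_accounts[device]) > MAX_ACCOUNTS_PER_DEVICE:
            found.append("device_shared_across_accounts")
        return found

    def login(self, account, device, country, ip, mfa_ok=False):
        """Called after the password check passed; decides whether MFA is needed."""
        found = self.signals(account, device, country, ip)
        if found and not mfa_ok:
            return "require_mfa", found
        # Learn the context only once the login has fully succeeded.
        known = self.history[account]
        known.devices.add(device)
        known.countries.add(country)
        return "allow", found
```

A correct password alone never adds a device or country to the account's history, so a stuffed credential from a nearby location still hits the MFA prompt.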