Comment on 23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits
automattable@lemmy.world 10 months agoI get asked to prove I’m making a legit login attempt all the time because it’s from a new IP address. 23andMe could have implemented something similar, and given the sensitive nature of the data they host and given how we all know that people can’t be trusted to have good password hygiene, I think they should have been required to do so.
IMO this whole thing is just more proof that we need better regulation around how companies treat users’ private information.
SnotFlickerman@lemmy.blahaj.zone 10 months ago
Did you miss the part where our government can’t even pass a budget, but you’re expecting them to pass laws like this?
bamboo@lemmy.blahaj.zone 10 months ago
You can’t spoof your IP address because of the TCP handshake. You could proxy your traffic to appear from coming from a different IP address than from the computers making the requests. This would still be identified as suspicious because the proxy IP address would differ from an IP address a user had logged in from before.
Even if the “hackers” knew every user’s IP address, they would not be able to establish a connection with it appearing from an IP address that didn’t really initiate the traffic.