At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.
From this moment forward I will be grateful that I’ve never been in responsible with securely storing this kind of PII.
clearedtoland@lemmy.world 1 year ago
On one hand, it was inevitable. 23andMe is one sweet pot. We’ve always known genetic data would one day be used for nefarious purposes and consumer were warned back then to be cautious with what they were signing up for. On the other, how in the world did they not better safeguard and isolate user data? I’d expect encryption and safeguards on par with a password manager like 1Password.
I know I have the DNA relative feature enabled but I would’ve never imagined that was scrapeable and a vulnerability.
fiat_lux@kbin.social 1 year ago
All data is scrapable. It's just a matter of how difficult it is to scrape and whether it's worth the effort.
Assume anything you see or input is being captured, because it almost always is, even if it's just because WiFi can trace your physical outline, or a street camera saw you unlock your phone, or your fingerprint is can be copied from a door handle.
The only place that data is mostly still secure is literally your brain, but even then, that can be compromised with a bottle of booze.
It's realistically impossible to 100% do this, unfortunately. 20+ year old security flaws are discovered alarmingly frequently, and once the wrong person knows about the right exploit, they can automate entire global attacks. Automated attacks make up a lot of global internet traffic.
Imagine if physical medieval castles with moats with crocodiles and turrets and an entire defending army with ballistas... but doors randomly appear in the external walls, and bridges instantly construct over the moat, and entire sections of walls can disappear unexpectedly. When there is an infinitely replenishable enemy army attacking that castle, they're going to get in eventually. That is what the internet is, but digitally.
Humans write code, and humans aren't perfect, so neither is their code. And anything Humans make or do, a different human will try to destroy or exploit it, that is guaranteed. It's a problem we've had for as long as we've been organisms.
SkaveRat@discuss.tchncs.de 1 year ago
if it’s viewable in a browser, it can be scraped.
You can make it more annoying for scrapers, but in the end, you need to show stuff to your users, and that’s what scrapers basically emulate in the end.
And as for being a vulnerability: Finding the murderer of a cold case