394
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (www.wired.com)
submitted 9 months ago by stopthatgirl7@kbin.social to c/worldnews@lemmy.ml
103 comments fedilink hide all child comments

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

you are viewing a single comment's thread
view the rest of the comments
[-] ikiru@lemmy.ml 87 points 9 months ago

I can't believe people voluntarily sent them their DNA.

[-] batmangrundies@lemmy.world 73 points 9 months ago

The worst part is it you have enough family members who used these services your details are likely on there too.

[-] kungen@feddit.nu 17 points 9 months ago

Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I'm glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

It's a shame though, because family genetic networking is interesting, but it just goes to show you can't trust these companies. (Even though the company didn't really do anything truly wrong in this case, as it's simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

[-] rcbrk@lemmy.ml 30 points 9 months ago

Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

There's nothing special or new or unique or unforseen about the security requirements of 23andMe.

They absolutely failed to implement an appropriate level of security measures for their service.

Mandatory 2FA could've prevented this.

[-] Parabola@lemmy.world 5 points 9 months ago

Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

[-] clanginator@lemmy.world 12 points 9 months ago

I mean, too bad. You're accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

[-] rcbrk@lemmy.ml 6 points 9 months ago

Hence the key word: mandatory.

[-] Parabola@lemmy.world 1 points 9 months ago

Oh I didn’t miss that. Would it be a good business decision for nascar to force people wanting to buy live tickets to eat a vegan meal?

[-] rcbrk@lemmy.ml 0 points 8 months ago

"We sent you an SMS with a 4 digit number, please type it in this box" is a pretty low bar.

[-] macracanthorhynchus@mander.xyz 11 points 9 months ago

Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You're not really keeping any secrets by hiding your Y chromosome away.

[-] GentriFriedRice@lemmy.world 5 points 9 months ago* (last edited 9 months ago)

It's not really like they are storing DNA sequences anyways. They use a genotyping array which just reads ~650k single nucleotide polymorphisms (SNPs).

An analogy would be 23andme has a 6.4mil page book of DNA for a single customer but they only know the position and letter of single character on every tenth page. Sure it's enough to identify someone (You can confidently use 50 SNPs to identify these days) but it's not like 23andme was ever storing a whole genome

load more comments (33 replies)
this post was submitted on 06 Oct 2023
394 points (97.1% liked)

World News

31456 readers
1653 users here now

News from around the world!

Rules:

founded 4 years ago
MODERATORS
Rumblestiltskin@lemmy.ml
AgreeableLandscape@lemmy.ml
jackmarxist@lemmy.ml
zephyreks@lemmy.ml
OurToothbrush@lemmy.ml