At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.

  • Omega_Haxors@lemmy.ml · 9 months ago · 88 up, 5 down

    If people were actually taught history they would have known exactly what their genetic information being in a registry would result in.

    • blandy@lemmy.ml · 9 months ago · 17 up

      Ooof.

      IBM and the Holocaust by Edwin Black should be standard reading for high school students.

  • ikiru@lemmy.ml · 9 months ago · 88 up, 6 down

    I can’t believe people voluntarily sent them their DNA.

      • kungen@feddit.nu · 9 months ago · 18 up, 1 down

        Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I’m glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

        It’s a shame though, because family genetic networking is interesting, but it just goes to show you can’t trust these companies. (Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

        • rcbrk@lemmy.ml · 9 months ago · 26 up, 1 down

          > Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

          There’s nothing special or new or unique or unforeseen about the security requirements of 23andMe.

          They absolutely failed to implement an appropriate level of security measures for their service.

          Mandatory 2FA could’ve prevented this.

          • Parabola@lemmy.world · 9 months ago · 6 up, 1 down

            Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

            • clanginator@lemmy.world · 9 months ago · 12 up

              I mean, too bad. You’re accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

        • macracanthorhynchus@mander.xyz · 9 months ago · 9 up

          Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You’re not really keeping any secrets by hiding your Y chromosome away.

        • GentriFriedRice@lemmy.world · 9 months ago (edited) · 6 up, 1 down

          It’s not really like they are storing DNA sequences anyways. They use a genotyping array which just reads ~650k single nucleotide polymorphisms (SNPs).

          An analogy would be 23andme has a 6.4mil page book of DNA for a single customer but they only know the position and letter of a single character on every tenth page. Sure it’s enough to identify someone (You can confidently use 50 SNPs to identify these days) but it’s not like 23andme was ever storing a whole genome.

    • Avid Amoeba@lemmy.ca · 9 months ago · 19 up, 2 down

      They also sent your DNA involuntarily. You can be IDed if someone in your genetic vicinity has sent theirs. They don’t even need to be super close.

    • jordanlund@lemmy.world · 9 months ago · 16 up, 2 down

      I sent mine in because 75% of my DNA comes from sources unknown to me. It’s been interesting seeing what pops up.

        • Z4rK@lemmy.world · 9 months ago · 3 up

          Someone help my dumb brain: what does that situation look like?

          You only know your mother or father and one of their parents and have no idea of the three other grandparents?

    • DessertStorms@kbin.social · 9 months ago (edited) · 37 up, 28 down

      Top notch victim blaming you got there…

      ETA because I don’t engage with bigots:
      Imagine that, the descendants of one of the biggest genocides in history want to try and piece their history together, and use the available tools to do it with, fucking shocker…
      Then, when they continue getting targeted just for existing, privileged ignorant bigots who couldn’t even imagine what having over 90% of their community gassed is like, and have never been oppressed for who they are a day in their lives, simply can’t help themselves but jump to justify them being attacked again:

      tHe bAstArDs dEseRve eVerYthInG tHey GeT!!11

      And somehow not a word about the attackers, nor the company that failed its customers.

      Sure, antisemitic Jan…🙄🙄🙄

      • AdmiralShat@programming.dev · 9 months ago · 24 up, 6 down

        “I can’t believe this incredibly obvious thing happened!” isn’t really victim blaming, is it? They’re not saying they did it to themselves or they deserved it, they’re saying that this was bound to happen and people volunteered their DNA to a private company.

        • pinkdrunkenelephants@sopuli.xyz · 9 months ago · 5 up, 6 down

          … Therefore blaming them for using the service.

          Why even have a capitalist economy if private businesses can just abuse people like that and the customer is routinely blamed for participating in the economy the only way they’re allowed to?

          • trailing9@lemmy.ml · 9 months ago · 2 up, 3 down

            E.g. if somebody loses money in a multilevel marketing scheme, is it wrong to blame the victim? Or is not every victim a victim?

            Regarding your edit, that’s assuming a bit too much to defend your point.

            But that’s what I asked for, your reason why there is no responsibility on the side of the victims.

            To engage with that line of thinking: if you leave agency at people, you can ask why one would trust a company with that data when every conspiracy theorist doesn’t use that service specifically because of the risk of genocide.

            But you are right, there are valid reasons to take the risk.

            • pinkdrunkenelephants@sopuli.xyz · 9 months ago · 1 up

              It’s always wrong to blame the victim, yes. You just genuinely don’t believe they actually are victims, and if you want to have that debate, be honest and have it. But you don’t get to recognize their victimhood and then invalidate it by implying their suffering is partly their fault.

              • trailing9@lemmy.ml · 9 months ago · 2 up

                Is this a choice of words issue? Saying that somebody could have prevented something and with that knowledge should prevent it next time doesn’t change victimhood for me. The suffering of the victim remains.

                What is lost if the victim had some agency? Is there some metaphysical aspect to it? Are victims prechosen by fate and it’s a sacrilege to question their fate?

                I can agree that a zebra being killed by lions shouldn’t be blamed. But a person who ignores advice from friends and joins a multilevel marketing scheme is not entirely innocent.

                • pinkdrunkenelephants@sopuli.xyz · 9 months ago · 0 up

                  Because attributing any blame to a victim is always a sleazy attempt to shift all responsibility for a situation away from the aggressor and onto the victim. It’s a common abuse tactic.

                  Plus, most people really aren’t capable of doing what they need to do in life-threatening or abusive situations. Adults really don’t have as much agency as they like to pretend they do, and I personally am tired of being dishonest about it.

                  I say that as one of the people who has been abused partly through their own failings and iniquities. I don’t call myself a victim. I’m also not an average representative of people in abusive situations – I have always been and always was capable of doing far more than most other people, and so I am telling you from that experience that you cannot attribute any responsibility for a situation on a victim like that. Most people are just NPCs and you need to respect that.

    • Sgt_choke_n_stroke@lemmy.world · 9 months ago · 7 up, 7 down

      There are a lot of dumb people that wanted to know they were a pure breed European or something to brag about like an IQ test

    • BitingChaos@lemmy.world · 9 months ago · 7 up, 8 down

      You say that like it’s a negative thing.

      Some people actually want to know things and are curious about where they came from, what they’re made of, who their family is.

      Submitting your DNA can increase your knowledge. It sounds like you can’t believe people would seek knowledge.

      • hoanbridgetroll@midwest.social · 9 months ago · 12 up

        I’d love to know all of that. I just don’t ever trust a private corporation to safeguard my highly personal and unique DNA information from:

        • a foreign scammer looking to make a buck
        • my government looking to close a case
        • a foreign government looking for kompromat
        • a health care company looking for reasons to deny coverage.

        It’s too easy for a company to skimp on staff and digital security and then say “we’re soooo sowwwy, have 3 months of identity fraud protection on us” if they find a breach.

      • InputZero@lemmy.ml · 9 months ago (edited) · 4 up

        The point I think you could be missing is that the organizations which do this have been at best irresponsible, at worst negligent, in protecting customers’ personal information. There are obviously benefits to a genetic record. Preserving a comprehensive genetic record for future generations to study is one. A database for law enforcement to use to solve very serious crimes like murder and rape is another. All that would be wonderful, but that information is already being misused and abused. Most people, myself included, don’t think these organizations will ever be responsible to their customers cause who the hell would believe that these days?

  • saigot@lemmy.ca · 9 months ago · 32 up, 2 down

    The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives.

    The information does not appear to include actual, raw genetic data.

    • Saik0@lemmy.saik0.com · 9 months ago · 35 up, 3 down

      This doesn’t absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before, that should raise red flags. No, Fred from California shouldn’t be logging in from a VPN based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.

      Users are dumb. This is why there are tools to track odd behavior and clamp down on it.

      • skippedtoc@lemmy.world · 9 months ago (edited) · 9 up, 4 down

        “This doesn’t absolve them of anything”

        Of course it does. “Security” based on behaviour tracking is not the expected default like you are making it to be. (neither should it be.)

        • wildginger@lemmy.myserv.one · 9 months ago · 2 up

          That’s how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.

          Why would I not expect the same level of security for a piece of my medical data? That’s just as important as my money.

        • Saik0@lemmy.saik0.com · 9 months ago · 0 up

          I’m sorry, but what behavior tracking would be enabled here to detect that thousands of accounts are logging in from the same ASN that the accounts don’t identify as being in?

          They have your address… They sent you the spit tube kit, and it’s probably in your profile that you willingly give them. What “tracking” is it when “hey this IP belongs to a location that’s 10000 miles away from their profile! Let’s send an email and double check!”.
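
The check described in Saik0's two comments above (many accounts suddenly signing in from one IP block that none of them has used before), written out as an added example; it is not part of the thread and not 23andMe's code. The /24 grouping stands in for an ASN lookup, and the accounts, addresses, window and threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample data (documentation IP ranges, made-up accounts).
# Each record: (ISO timestamp, account, source IP) of a successful login.
HISTORY = [
    ("2024-01-01T09:00:00", "fred", "198.51.100.10"),
    ("2024-01-01T09:05:00", "anne", "192.0.2.5"),
    ("2024-01-02T10:00:00", "carol", "198.51.100.200"),
    ("2024-01-02T11:00:00", "dave", "192.0.2.44"),
    ("2024-01-03T08:00:00", "erin", "192.0.2.60"),
]
EVENTS = [
    ("2024-02-01T12:00:05", "fred", "203.0.113.7"),
    ("2024-02-01T12:00:40", "anne", "203.0.113.9"),
    ("2024-02-01T12:01:10", "carol", "203.0.113.7"),
    ("2024-02-01T12:02:00", "dave", "192.0.2.44"),     # usual network
    ("2024-02-01T12:05:00", "erin", "198.51.100.33"),  # new network, but alone
    ("2024-02-01T18:30:00", "dave", "203.0.113.50"),   # same block, hours later
]

def block(ip, prefix=24):
    """Collapse an IPv4 address to its /prefix network (assumed ASN stand-in)."""
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def flag_shared_new_sources(events, history,
                            window=timedelta(minutes=10), min_accounts=3):
    """Return {block: [accounts]} where at least min_accounts distinct accounts
    logged in within `window` from a block none of them had used before."""
    seen = defaultdict(set)                 # account -> blocks seen in the past
    for _, account, ip in history:
        seen[account].add(block(ip))

    first_time = defaultdict(list)          # block -> [(time, account)]
    for ts, account, ip in events:
        b = block(ip)
        if b not in seen[account]:
            first_time[b].append((datetime.fromisoformat(ts), account))

    flagged = {}
    for b, hits in first_time.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):        # sliding time window over the block
            while hits[end][0] - hits[start][0] > window:
                start += 1
            accounts = {a for _, a in hits[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(b, set()).update(accounts)
    return {b: sorted(a) for b, a in flagged.items()}

if __name__ == "__main__":
    for b, accounts in flag_shared_new_sources(EVENTS, HISTORY).items():
        print(f"{b}: first-time logins for {', '.join(accounts)}")
```

A flagged block is a trigger for a step-up check such as the e-mail confirmation mentioned above, not proof of compromise; a single first-time login (erin in the sample) stays below the threshold.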

  • FIST_FILLET@lemmy.ml · 9 months ago · 20 up, 5 down

    a lot of people in these comments who live in privacy-conscious bubbles and aren’t very familiar with “normal” people

    • funkless_eck@sh.itjust.works · 9 months ago · 9 up

      there’s also this attitude that certain users never did anything wrong. YouSureAboutThat.jpg

      They never signed up for anything that compromised their privacy?

      Also, we all live in abodes with wooden doors and glass windows that anyone with a rock or a stick can break into. Doesn’t mean we deserve to be murdered in our sleep.

  • S_204@lemmy.world · 9 months ago · 10 up, 1 down

    My uncle tried to get me to do this for his family tree project.

    Super happy I didn’t cave to his persistence.

    Wonder what the angle of targeting Jews is here? Are they trying to figure out why they’ve got stomach issues or something?

    • wildginger@lemmy.myserv.one · 9 months ago · 8 up

      I mean, targeting Jews is obvious, no? Some racial purity freaks are trying to target the genetic root of a minority group.

      23andMe basically drafted up a list of as many Jewish descendants as they could get, which means the lunatics can use it as an easy list of targets.

      Here’s hoping the fuckers get caught before they can do anything with the data.

    • creamed_eels@toast.ooo · 9 months ago · 1 up

      > Wonder what the angle of targeting Jews is here?

      …are you seriously asking? I can’t figure out if you’re trolling here. I’m going to go out on a limb and guess it wasn’t breached by a group of geneticists looking to cure Tay-Sachs.

  • Akasazh@feddit.nl · 9 months ago · 4 up

    > The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.

    From the article. Way to sensationalize a title…

  • Rachelhazideas@lemmy.world · 9 months ago · 17 up, 17 down

    I am a 23andMe user, and yes I voluntarily sent them my DNA sample. Shit on me all you want. You probably don’t have to live with multiple genetic conditions, chronic illnesses, and have a family history of several more.

    Must be nice to be privileged with a healthy body and to get to care about privacy concerns instead of wondering which genetic condition you’ll die of first.

    • madcaesar@lemmy.world · 9 months ago · 17 up, 7 down

      I think you are also cursed with the gene that makes you a dick.

      Obviously there’s good and bad reasons to get tested.

      The point is to be more mindful of who you share your data with. It’s to protect yourself, not to make you feel like a fool.

      • Rachelhazideas@lemmy.world · 9 months ago · 6 up, 8 down

        Read the rest of the comments here before you comment. Everyone is bashing 23andMe users and the bubble they live in while the irony is completely lost on them.

        Your so-called ‘obvious reasons’ are anything but obvious to the average Lemmy user who will find every excuse to feel superior about their niche privacy loving community with no clue how the real world works.

    • wildginger@lemmy.myserv.one · 9 months ago · 3 up, 1 down

      But… isn’t that what doctors are for? Like, the people who have multiple government mandated levels of security around your data? And medical expertise in which genetic conditions you will die of first?

    • S_204@lemmy.world · 9 months ago · 6 up, 5 down

      Your excuse is such garbage it’s beyond stupid. You’ve got health concerns so you willingly gave up your privacy to a tech company… instead of going through, y’know, the medical system which has checks and balances for this purpose.

      You’re the people they want to be their victims. Ignorant people driven by fear.

  • Syo@kbin.social · 9 months ago · 11 up, 13 down

    Idiots believe their personal information was safe, with a private company.