At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.

  • Saik0@lemmy.saik0.com
    9 months ago

    This doesn’t absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before, that should raise red flags. No, Fred from California shouldn’t be logging in from a VPN based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.

    Users are dumb. This is why there are tools to track odd behavior and clamp down on it.

    • skippedtoc@lemmy.world
      9 months ago

      “This doesn’t absolve them of anything”

      Of course it does. “Security” based on behaviour tracking is not the expected default like you are making it out to be. (Neither should it be.)

      • wildginger@lemmy.myserv.one
        9 months ago

        That’s how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.

        Why would I not expect the same level of security for a piece of my medical data? That’s just as important as my money.

      • Saik0@lemmy.saik0.com
        9 months ago

        I’m sorry, but what behavior tracking would be enabled here to detect that thousands of accounts are logging in from the same ASN that the accounts don’t identify as being in?

        They have your address… They sent you the spit tube kit, and it’s probably in your profile that you willingly give them. What “tracking” is it when “hey this IP belongs to a location that’s 10000 miles away from their profile! Let’s send an email and double check!”.
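
The check debated in this thread (many distinct accounts logging in, within a short window, from one address block none of them has used before) can be sketched as follows. This is an added example, not part of any comment above and not 23andMe's code. The event tuples, the per-account history, the thresholds, and the use of a /24 prefix as a stand-in for an ASN lookup are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation IP ranges), not real logins.
# HISTORY: networks each account has previously logged in from.
HISTORY = {
    "fred": {"198.51.100.0/24"},
    "anne": {"203.0.113.0/24"},
    "raj": {"198.51.100.0/24"},
}
# EVENTS: (unix_seconds, account, source_ip)
EVENTS = [
    (0, "fred", "192.0.2.10"),
    (120, "anne", "192.0.2.44"),
    (300, "raj", "192.0.2.200"),
    (400, "fred", "198.51.100.7"),   # fred's usual network: ignored
    (500, "mei", "203.0.113.9"),     # new network, but only one account
    (90000, "lou", "192.0.2.5"),     # same block, a day later
]

def network_of(ip, prefix=24):
    """Collapse an address to its enclosing block (assumed /24 here)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def flag_shared_new_networks(events, history, window_s=3600, min_accounts=3):
    """Return {network: [accounts]} for blocks where at least min_accounts
    distinct accounts logged in within window_s seconds, each from a
    block that account had never used before."""
    unfamiliar = defaultdict(list)  # network -> [(ts, account)] in time order
    for ts, account, ip in sorted(events):
        net = network_of(ip)
        if net not in history.get(account, set()):
            unfamiliar[net].append((ts, account))
    flagged = defaultdict(set)
    for net, hits in unfamiliar.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window so it spans at most window_s seconds.
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            accounts = {acct for _, acct in hits[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[net].update(accounts)
    return {net: sorted(accts) for net, accts in flagged.items()}

if __name__ == "__main__":
    print(flag_shared_new_networks(EVENTS, HISTORY))
```

A flagged block is a trigger for step-up verification such as the confirmation email suggested above, not proof of compromise, since shared VPN exits and carrier NAT also put unrelated users behind one block.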