23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
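Credential stuffing has a recognizable shape in a login tier's logs: one source address working through many different usernames with a low hit rate, the opposite of a person mistyping their own password. The detector below runs that check; it is an added example for this thread, not code from 23andMe or BleepingComputer, and the log line format and thresholds are assumptions.

```python
"""Flag credential-stuffing patterns in login audit logs.

Added example for this thread; not code from 23andMe or BleepingComputer.
The log line format below is an assumption about what a web login tier emits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source cycles through many different accounts, mostly
# failing, with a couple of hits (the credential-stuffing signature); a second
# source is a single user who mistypes a password once and then gets in.
SAMPLE_LOG = """\
2023-10-06T12:00:01Z ip=203.0.113.7 user=alice result=FAIL
2023-10-06T12:00:02Z ip=203.0.113.7 user=bob result=FAIL
2023-10-06T12:00:02Z ip=203.0.113.7 user=carol result=SUCCESS
2023-10-06T12:00:03Z ip=203.0.113.7 user=dave result=FAIL
2023-10-06T12:00:03Z ip=203.0.113.7 user=erin result=FAIL
2023-10-06T12:00:04Z ip=203.0.113.7 user=frank result=SUCCESS
2023-10-06T12:00:05Z ip=203.0.113.7 user=grace result=FAIL
2023-10-06T12:00:20Z ip=198.51.100.4 user=heidi result=FAIL
2023-10-06T12:00:25Z ip=198.51.100.4 user=heidi result=SUCCESS
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_log(text):
    """Return (timestamp, ip, user, success) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "SUCCESS"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5, max_success_ratio=0.5):
    """Per source IP, look for a time window holding logins against many distinct
    accounts with a low success ratio. A brute force on one account does not
    match (one user); a shared office NAT with normal logins does not match
    (high success ratio). Returns {ip: summary} for sources that match."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            hits = [e[2] for e in win if e[3]]
            if len(users) >= min_distinct_users and len(hits) / len(win) <= max_success_ratio:
                findings[ip] = {
                    "attempts": len(win),
                    "distinct_users": len(users),
                    # accounts that accepted a stuffed password: force-reset these first
                    "compromised": list(dict.fromkeys(hits)),
                }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

The `compromised` list is the operational output: those are the accounts whose reused passwords worked and whose data should be assumed exposed. Real attacks spread the traffic across many proxy addresses, so in practice the same check is also run keyed on user-agent fingerprint or ASN rather than a single IP.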
I’m always astonished by the amount of information that people give away freely without securing it properly.
As for yet another billion dollar company’s data being stolen… well… that’s just a normal Friday. I’m not one for government intervention, especially considering how our governments act nowadays, but I seriously think that our privacy laws should be a lot more useful and a lot more severe.
I don’t even know what this company was thinking. What goes through someone’s brain to not stop for 20 seconds and think that storing this information unencrypted, just behind a simple login screen, is a bad idea? Isn’t it just blatantly obvious that they should’ve used e2e encryption? Require people to generate a key before they send their sample? Or if you want to make it moron-proof, was it really impossible to write a unique seed phrase on each box and require users to type that to see their PRIVATE GENETIC INFORMATION?
I’m not anti-capitalism, but the audacity of certain companies, especially in the US, is a sight to behold.
They wouldn’t be able to give info to the feds if it was encrypted.
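The design the two comments above describe (each record encrypted under a secret printed on the box, so that a login alone, whether by a credential-stuffing attacker or by a data request to the company, yields only ciphertext) fits in a few dozen lines. This is an added example, not 23andMe's code: the word list, the PBKDF2 parameters, and the HMAC-SHA256 counter-mode stream cipher standing in for an AEAD like AES-GCM are all assumptions made to keep it standard-library only.

```python
"""Keep genetic data encrypted under a key only the user holds, so an account
login alone (stolen password, credential stuffing, insider) yields ciphertext.

Added example for the seed-phrase design proposed in the comments; it is not
23andMe's code. WORDS is a constructed stand-in for a real 2048-word list, and
the HMAC-SHA256 counter-mode cipher with encrypt-then-MAC is a standard-library
stand-in for an AEAD such as AES-GCM, which production code should use instead.
"""
import hashlib
import hmac
import os
import secrets

WORDS = ["acid", "basin", "cedar", "delta", "ember", "flint", "gamma", "hazel",
         "iris", "jade", "kelp", "lunar", "maple", "nova", "onyx", "pearl"]
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
KDF_ITERATIONS = 200_000  # assumption; tune so derivation takes ~hundreds of ms on the client


def new_seed_phrase(n_words=6):
    """Phrase printed on the box. It is typed on the user's device and never sent to the server."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def derive_keys(phrase, salt):
    """Derive separate encryption and MAC keys from the phrase with PBKDF2-HMAC-SHA256."""
    km = hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(key, nonce, length):
    """PRF in counter mode: concatenated HMAC(key, nonce || counter) blocks, truncated."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt_record(phrase, plaintext):
    """Return the blob the server stores: salt || nonce || ciphertext || tag.
    Nothing in it lets the server, or anyone who logs in, recover the plaintext."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(phrase, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def _split(blob):
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    return salt, nonce, blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]


def phrase_matches(phrase, blob):
    """Check the tag only, in constant time, without producing any plaintext."""
    salt, nonce, ct, tag = _split(blob)
    _, mac_key = derive_keys(phrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def decrypt_record(phrase, blob):
    """Runs on the user's device after they type the phrase. Raises on a wrong
    phrase or a tampered record before any plaintext is produced."""
    if not phrase_matches(phrase, blob):
        raise ValueError("wrong seed phrase or tampered record")
    salt, nonce, ct, _ = _split(blob)
    enc_key, _ = derive_keys(phrase, salt)
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    phrase = new_seed_phrase()
    record = b"SNP rs12345 genotype AG"  # constructed sample genotype line
    blob = encrypt_record(phrase, record)
    print("server stores:", blob.hex()[:40], "...")
    print("user reads back:", decrypt_record(phrase, blob))
```

The trade-off this design makes is the one the comment glosses over: the company holds no key, so a lost phrase means lost data with no recovery path, and the decrypt step has to run client-side, which rules out server-side features like relative matching across accounts unless they are redesigned around user-held keys. It also only moves the target: a phishing page that asks for the phrase beats it just as a stuffed password beats a login screen.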
We desperately need data privacy laws like the EU’s. I think a lot of people are totally ignorant with respect to what bad actors (whether they’re hackers or private companies) can actually do with their data.
GDPR is honestly not that good, it’s a step in the right direction but it’s not even close to being a decent solution.
We should consider implementing penalties harsh enough to actually incentivize behavioral change. Ideally, we’d see a system where a failure to reform would result in fines doubling each subsequent month, ensuring that even a giant like Google feels the sting, otherwise nothing is gonna change.