At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.

  • ikiru
    link
    fedilink
    861 year ago

    I can’t believe people voluntarily sent them their DNA.

    • @batmangrundies
      link
      761 year ago

      The worst part is it you have enough family members who used these services your details are likely on there too.

      • @[email protected]
        link
        fedilink
        161 year ago

        Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I’m glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

        It’s a shame though, because family genetic networking is interesting, but it just goes to show you can’t trust these companies. (Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

        • @[email protected]
          link
          fedilink
          291 year ago

          Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

          There’s nothing special or new or unique or unforseen about the security requirements of 23andMe.

          They absolutely failed to implement an appropriate level of security measures for their service.

          Mandatory 2FA could’ve prevented this.

          • @Parabola
            link
            61 year ago

            Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

            • @clanginator
              link
              121 year ago

              I mean, too bad. You’re accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

              • @Parabola
                link
                11 year ago

                Oh I didn’t miss that. Would it be a good business decision for nascar to force people wanting to buy live tickets to eat a vegan meal?

        • @[email protected]
          link
          fedilink
          English
          111 year ago

          Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You’re not really keeping any secrets by hiding your Y chromosome away.

        • @GentriFriedRice
          link
          5
          edit-2
          1 year ago

          It’s not really like they are storing DNA sequences anyways. They use a genotyping array which just reads ~650k single nucleotide polymorphisms (SNPs).

          An analogy would be 23andme has a 6.4mil page book of DNA for a single customer but they only know the position and letter of single character on every tenth page. Sure it’s enough to identify someone (You can confidently use 50 SNPs to identify these days) but it’s not like 23andme was ever storing a whole genome

    • Avid Amoeba
      link
      fedilink
      181 year ago

      They also sent your DNA involuntarily. You can be IDed of someone in your genetic vicinity has sent theirs. They don’t even need to be super close.

    • @jordanlund
      link
      161 year ago

      I sent mine in because 75% of my DNA comes from sources unknown to me. It’s been interesting seeing what pops up.

      • ᦓρɾιƚҽ
        link
        fedilink
        English
        31 year ago

        I’d do mine if I had some spare money, because I’m in the exact same boat. 75% unknown.

        • @Z4rK
          link
          English
          31 year ago

          Someone help my dumb brain: what does that situation look like?

          You only know your mother or father and one of their parents and have no idea of the three other grandparents?

    • DessertStorms
      link
      fedilink
      8
      edit-2
      1 year ago

      Top notch victim blaming you got there…

      ETA because I don’t engage with bigots:
      Imagine that, the descendants of one of the biggest genocides in history want to try and piece their history together, and use the available tools to do it with, fucking shocker…
      Then, when they continue getting targeted just for existing, privileged ignorant bigots who couldn’t even imagine what having over 90% of their community gassed is like, and have never been oppressed for who they are a day in their lives, simply can’t help themselves but jump to justify them being attacked again:

      tHe bAstArDs dEseRve eVerYthInG tHey GeT!!11

      And somehow not a word about the attackers, nor the company that failed its customers.

      Sure, antisemitic Jan…🙄🙄🙄

      • @[email protected]
        link
        fedilink
        English
        191 year ago

        “I can’t believe this incredibly obvious thing happened!” Isn’t really victim blaming, is it? They’re not saying they did it to themselves or they deserved it, they’re saying that this was bound to happen and people volunteered their DNA to a private company

    • @BitingChaos
      link
      English
      21 year ago

      You say that like it’s a negative thing.

      Some people actually want to know things and are curious about where they came from, what they’re made of, who their family is.

      Submitting your DNA can increase your knowledge. It sounds like you can’t believe people would seek knowledge.

      • @[email protected]
        link
        fedilink
        121 year ago

        I’d love to know all of that. I just don’t ever trust a private corporation to safeguard my highly personal and unique DNA information from:

        • a foreign scammer looking to make a buck
        • my government looking to close a case
        • a foreign government looking for kompromat
        • a health care company looking for reasons to deny coverage.

        It’s too easy for a company to skimp on staff and digital security and then say “we’re soooo sowwwy, have 3 months of identity fraud protection on us” if they find a breach.

      • @[email protected]
        link
        fedilink
        6
        edit-2
        1 year ago

        The point I think you could be missing is that the organizations which do this have been at best irresponsible, at worst negligent, in protecting customers personal information. There are obviously benefits to this a genetic record. Preserving a comprehensive genetic record for future generations to study is one. A database for law enforcement to use to solve very serious crimes like murder and rape. All that would be wonderful, but that information is already being misused and abused. Most people, myself included, don’t think these organizations will ever be responsible to their customers cause who the hell would believe that these days?

    • @Sgt_choke_n_stroke
      link
      21 year ago

      There are a lot of dumb people that wanted to know they were a pure breed European or something to brag about like an IQ test