At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.

  • vlad
    178 · 1 year ago

    And that’s exactly what people were worried might happen.

    • @kn33
      86 · 1 year ago

      This was incredibly predictable

  • @[email protected]
    97 · 1 year ago

    If people were actually taught history they would have known exactly what their genetic information being in a registry would result in.

  • ikiru
    86 · 1 year ago

    I can’t believe people voluntarily sent them their DNA.

    • @batmangrundies
      76 · 1 year ago

      The worst part is if you have enough family members who used these services, your details are likely on there too.

      • @[email protected]
        16 · 1 year ago

        Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I’m glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

        It’s a shame though, because family genetic networking is interesting, but it just goes to show you can’t trust these companies. (Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

        • @[email protected]
          29 · 1 year ago

          Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

          There’s nothing special or new or unique or unforeseen about the security requirements of 23andMe.

          They absolutely failed to implement an appropriate level of security measures for their service.

          Mandatory 2FA could’ve prevented this.

          • @Parabola
            6 · 1 year ago

            Part of the issue is the average person using a service like this, and people comfortable with MFA don’t really overlap.

            • @clanginator
              12 · 1 year ago

              I mean, too bad. You’re accessing the results of your genetic data that contain sensitive personal information on relatives as well as yourself. Banks require 2FA, and people figure out how to use that.

              • @Parabola
                1 · 1 year ago

                Oh I didn’t miss that. Would it be a good business decision for NASCAR to force people wanting to buy live tickets to eat a vegan meal?

        • @[email protected]
          11 · 1 year ago

          Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You’re not really keeping any secrets by hiding your Y chromosome away.

        • @GentriFriedRice
          5 · 1 year ago

          It’s not really like they are storing DNA sequences anyways. They use a genotyping array which just reads ~650k single nucleotide polymorphisms (SNPs).

          An analogy would be 23andme has a 6.4mil page book of DNA for a single customer but they only know the position and letter of a single character on every tenth page. Sure it’s enough to identify someone (You can confidently use 50 SNPs to identify these days) but it’s not like 23andme was ever storing a whole genome.

    • Avid Amoeba
      18 · 1 year ago

      They also sent your DNA involuntarily. You can be IDed if someone in your genetic vicinity has sent theirs. They don’t even need to be super close.

    • @jordanlund
      16 · 1 year ago

      I sent mine in because 75% of my DNA comes from sources unknown to me. It’s been interesting seeing what pops up.

      • ᦓρɾιƚҽ
        3 · 1 year ago

        I’d do mine if I had some spare money, because I’m in the exact same boat. 75% unknown.

        • @Z4rK
          3 · 1 year ago

          Someone help my dumb brain: what does that situation look like?

          You only know your mother or father and one of their parents and have no idea of the three other grandparents?

    • DessertStorms
      8 · 1 year ago

      Top notch victim blaming you got there…

      ETA because I don’t engage with bigots:
      Imagine that, the descendants of one of the biggest genocides in history want to try and piece their history together, and use the available tools to do it with, fucking shocker…
      Then, when they continue getting targeted just for existing, privileged ignorant bigots who couldn’t even imagine what having over 90% of their community gassed is like, and have never been oppressed for who they are a day in their lives, simply can’t help themselves but jump to justify them being attacked again:

      tHe bAstArDs dEseRve eVerYthInG tHey GeT!!11

      And somehow not a word about the attackers, nor the company that failed its customers.

      Sure, antisemitic Jan…🙄🙄🙄

      • @[email protected]
        19 · 1 year ago

        “I can’t believe this incredibly obvious thing happened!” isn’t really victim blaming, is it? They’re not saying they did it to themselves or they deserved it, they’re saying that this was bound to happen and people volunteered their DNA to a private company.

    • @Sgt_choke_n_stroke
      2 · 1 year ago

      There are a lot of dumb people that wanted to know they were a pure breed European or something to brag about like an IQ test

    • @BitingChaos
      2 · 1 year ago

      You say that like it’s a negative thing.

      Some people actually want to know things and are curious about where they came from, what they’re made of, who their family is.

      Submitting your DNA can increase your knowledge. It sounds like you can’t believe people would seek knowledge.

      • @[email protected]
        12 · 1 year ago

        I’d love to know all of that. I just don’t ever trust a private corporation to safeguard my highly personal and unique DNA information from:

        • a foreign scammer looking to make a buck
        • my government looking to close a case
        • a foreign government looking for kompromat
        • a health care company looking for reasons to deny coverage.

        It’s too easy for a company to skimp on staff and digital security and then say “we’re soooo sowwwy, have 3 months of identity fraud protection on us” if they find a breach.

      • @[email protected]
        6 · 1 year ago

        The point I think you could be missing is that the organizations which do this have been at best irresponsible, at worst negligent, in protecting customers’ personal information. There are obviously benefits to a genetic record. Preserving a comprehensive genetic record for future generations to study is one. A database for law enforcement to use to solve very serious crimes like murder and rape. All that would be wonderful, but that information is already being misused and abused. Most people, myself included, don’t think these organizations will ever be responsible to their customers cause who the hell would believe that these days?

  • @[email protected]
    39 · 1 year ago

    The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives.

    The information does not appear to include actual, raw genetic data.

    • Saik0
      35 · 1 year ago

      This doesn’t absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before, that should raise red flags. No, Fred from California shouldn’t be logging in from a VPN based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.

      Users are dumb. This is why there’s tools to track odd behavior and clamp down on it.

      • @skippedtoc
        8 · 1 year ago

        “This doesn’t absolve them of anything”

        Of course it does. “Security” based on behaviour tracking is not the expected default like you are making it to be. (neither should it be.)

        • @[email protected]
          2 · 1 year ago

          That’s how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.

          Why would I not expect the same level of security for a piece of my medical data? That’s just as important as my money.

          • @skippedtoc
            -1 · 1 year ago

            Why would I not expect the same level of security for a piece of my medical data?

            Because it’s not a bank.

            That’s just as important as my money.

            Unless you are super rich and have a lot of throwaway money, it’s a false over exaggeration.

            • @[email protected]
              2 · 1 year ago

              You understand that same level of security is used by hospitals, yes? Do you think hospitals are banks?

              Ah, an over exaggeration. I’ll tell that to all the Jews whose data got targeted and stolen. I’m sure it was harmless.

              • @skippedtoc
                1 · 1 year ago

                You understand that same level of security is used by hospitals, yes?

                No, not all hospitals at least.

                I’ll tell that to all the Jews whose data got targeted and stolen.

                Sure, go ahead. You have my permission.

                I’m sure it was harmless.

                I don’t know why you are sure of it. It could cause harm even if you can’t think of what harm it will cause.

                Your brain works differently from mine. Your idea of protecting your data is to give away and even force them to collect more data on you. Mine is to make them collect less data.

                • @[email protected]
                  1 · 1 year ago

                  Your brain short circuits at sarcasm, so I’m not really expecting much from it.

                  If you are already giving valued medical data to someone, the simple act of checking the IP of login and sending a “was this you?” email isn’t even remotely the level of data loss you want to pretend it is.

                  It’s common sense to protect your user, and your database, from phishing. If you want to genuinely claim that phishing protections for medical data is bad, by all means. You already sound like a fool, may as well set the stone.

        • Saik0
          1 · 1 year ago

          I’m sorry, but what behavior tracking would be enabled here to detect that thousands of accounts are logging in from the same ASN that the accounts don’t identify as being in?

          They have your address… They sent you the spit tube kit. and it’s probably in your profile that you willingly give them. What “tracking” is it when “hey this IP belongs to a location that’s 10000 miles away from their profile! Let’s send an email and double check!”.

          • @skippedtoc
            2 · 1 year ago

            hey this IP belongs to a location that’s 10000 miles away from their profile!

            This means you are tracking the information that I have moved or am currently at 10000 miles whatever place. You have no business knowing where I move to. It is kind of tracking as you are collecting more info than you need to in the name of “Security”.

            If I think my data on a website is important enough I will make the password there random and complex enough not to be guessed or brute forced. I don’t need your extra tracking.

            They can increase security by matching address. Sure. They can also increase security by checking everything on your pc and house to figure out if you are you. I don’t need it.

            Let’s send an email and double check!.

            That’s a different point. They should always provide an option for 2nd or extra authentication for people who want it. But it doesn’t need any other info than that I want 2fa.

            More i

            • Saik0
              1 · 1 year ago

              This means you are tracking the information that I have moved or am currently at 10000 miles whatever place.

              An ip lookup isn’t tracking jack shit. You are demonstrating that you don’t understand how technology works.

              You furnished your address to the service (by function of how the service works), you accessed the site which exposes your IP. An IP lookup it’s tracking. If you truly believe it is… Hoo boy you should spin up an apache server and look at the logs.

              • @skippedtoc
                2 · 1 year ago

                An ip lookup isn’t tracking jack shit.

                Sigh! now you are arguing on definition of tracking. Which is pointless as you can replace that word with whatever you are comfortable with.

                You are demonstrating that you don’t understand how technology works.

                Perhaps. But since the concept of IP hasn’t changed much since the internet became public, it’s doubtful that I don’t understand IP.

                you accessed the site which exposes your IP.

                Yes. Doesn’t mean you have to save my ip address that I used. Or even the general location I used it from even if it will increase security.

                apache server and look at the logs.

                Shrug. What does that mean? You can control the info logged in server and also if you choose to keep it or classify it.

                • @[email protected]
                  1 · 1 year ago

                  Doesn’t mean you have to save my ip address that I used.

                  The most basic webserver keeps access logs. It will save “this person logged in at this address” or some data about the session regardless if it’s looked back on later.

                • Saik0
                  0 · 1 year ago

                  Yes. Doesn’t mean you have to save my ip address that I used.

                  Who the fuck said anything about saving an IP?

                  Or even the general location I used it from even if it will increase security.

                  IP lookups are not “saving your location”.

                  Shrug. What does that mean? You can control the info logged in server and also if you choose to keep it or classify it.

                  No… Not at all. If you reach out to my server, my server has to know where to send the data back to. Part of this process can be an IP lookup that actually identifies where your ASN is based out of. There is no way around this… the request MUST have IP information. Nobody said shit about logging anything. And logging IPs is not required to do anything that I’ve mentioned.

                  Sigh! now you are arguing on definition of tracking.

                  No… I’m arguing pedantic shit. I’m telling you what actually happens and what the actual definition is.

                  Edit: To the point. I actually do IP lookups to BLOCK specific countries in my router. Using a database like maxmind you can get a general idea of location without knowing anything specific at all. So it goes 1 step further to run a check on if your current ASN is even remotely close to your known location. If not, fire off email. nothing about this requires any logging or outside information than what you already gave the company in this case. Other fields use these mechanisms that are well regulated and nobody else except for you calls this “tracking”.
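
The check Saik0 describes in this thread (many accounts logging in from one ASN that does not match their profile location, answered with a confirmation e-mail), as an added example that is not from the thread or from 23andMe. The prefix table stands in for a GeoIP/ASN database such as the one mentioned above, and the profiles, login events, thresholds and decision names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed stand-in for a GeoIP/ASN database: prefix -> (ASN, country).
# Prefixes are documentation ranges and the ASNs are from the reserved
# documentation range; none of this is real routing data.
PREFIX_DB = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, "IE"),
    ipaddress.ip_network("198.51.100.0/24"): (64501, "US"),
}

# Constructed profiles: the country each user already gave the service.
PROFILE_COUNTRY = {"fred": "US", "anne": "US", "carol": "US",
                   "dave": "US", "erin": "IE"}

# Constructed successful logins: (epoch seconds, account, source IP).
LOGINS = [
    (1000, "fred", "198.51.100.7"),    # home country, nothing to do
    (1010, "erin", "203.0.113.9"),     # erin's profile says IE, so this matches
    (1020, "fred", "203.0.113.20"),    # US profile, IE network
    (1050, "anne", "203.0.113.21"),    # second US account, same ASN
    (1080, "carol", "203.0.113.22"),   # third distinct account within the window
    (1100, "dave", "203.0.113.23"),
    (5000, "anne", "203.0.113.40"),    # much later and alone: looks like travel
]


def lookup(ip):
    """Return (asn, country) for ip, or (None, None) when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, info in PREFIX_DB.items():
        if addr in net:
            return info
    return (None, None)


def evaluate(logins, window=300, threshold=3):
    """Decide per login: allow, verify_email, or block_and_alert.

    A login whose network country differs from the profile country gets a
    confirmation e-mail. When `threshold` distinct accounts mismatch from the
    same ASN inside `window` seconds, the ASN is treated as a credential
    stuffing source. Only (timestamp, account) pairs are held, and only for
    the length of the window; the IP itself is never stored.
    """
    recent = defaultdict(deque)   # asn -> mismatched (ts, account) in window
    decisions, burst_asns = [], set()
    for ts, account, ip in sorted(logins):
        asn, country = lookup(ip)
        if country is None or country == PROFILE_COUNTRY.get(account):
            decisions.append((account, "allow"))
            continue
        q = recent[asn]
        q.append((ts, account))
        while q[0][0] < ts - window:      # expire entries older than the window
            q.popleft()
        if len({acct for _, acct in q}) >= threshold:
            burst_asns.add(asn)
            decisions.append((account, "block_and_alert"))
        else:
            decisions.append((account, "verify_email"))
    return decisions, burst_asns


if __name__ == "__main__":
    for account, action in evaluate(LOGINS)[0]:
        print(account, action)
```

A single mismatched login only triggers the confirmation e-mail; it takes several distinct accounts from the same ASN inside the window to escalate.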

  • @BertramDitore
    31 · 1 year ago

    And people wonder why I’m paranoid about privacy…

  • @[email protected]
    23 · 1 year ago

    a lot of people in these comments who live in privacy-conscious bubbles and aren’t very familiar with “normal” people

    • @[email protected]
      11 · 1 year ago

      there’s also this attitude that certain users never did anything wrong. YouSureAboutThat.jpg

      They never signed up for anything that compromised their privacy?

      Also, we all live in abodes with wooden doors and glass windows that anyone with a rock or a stick can break into. Doesn’t mean we deserve to be murdered in our sleep.

    • @[email protected]
      6 · 1 year ago

      The fact that big companies collect and sell your data is common knowledge now, definitely not something esoteric that only people in privacy-conscious bubbles know of. However, “normal” people refuse to not follow every trend or get inconvenienced.

  • @[email protected]
    15 · 1 year ago

    The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.

    From the article. Way to sensationalize a title…

  • @S_204
    10 · 1 year ago

    My uncle tried to get me to do this for his family tree project.

    Super happy I didn’t cave to his persistence.

    Wonder what the angle of targeting Jews is here? Are they trying to figure out why they’ve got stomach issues or something?

    • @[email protected]
      16 · 1 year ago

      Wonder what the angle of targeting Jews is here?

      …are you seriously asking? I can’t figure out if you’re trolling here. I’m going to go out on a limb and guess it wasn’t breached by a group of geneticists looking to cure Tay-Sachs.

    • @[email protected]
      13 · 1 year ago

      I mean, targeting Jews is obvious, no? Some racial purity freaks are trying to target the genetic root of a minority group.

      23andMe basically drafted up a list of as many Jewish descendants as they could get, which means the lunatics can use it as an easy list of targets.

      Here’s hoping the fuckers get caught before they can do anything with the data.

      • @S_204
        0 · 1 year ago

        You think there’s a group that’s going to take this as a hit list?

        I know shit’s going downhill but I didn’t think I needed to start thinking about packing bags…

        • @[email protected]
          5 · 1 year ago

          I don’t wanna scaremonger or anything but, like… what the fuck else would they use that data for?

          • @MalachaiConstant
            3 · 1 year ago

            As a power fantasy mostly. They might pass it around and use it to jerk each other off but not much more than that. The problem is, it’s only a fantasy until it makes its way into the hands of someone with the means and derangement to act on it: two qualities which, depending on where you live, can be unsettlingly easy to come by.

  • @Rachelhazideas
    3 · 1 year ago

    I am a 23andMe user, and yes I voluntarily sent them my DNA sample. Shit on me all you want. You probably don’t have to live with multiple genetic conditions, chronic illnesses, and have a family history of several more.

    Must be nice to be privileged with a healthy body and to get to care about privacy concerns instead of wondering which genetic condition you’ll die of first.

    ITT: People who have never experienced medical gaslighting before. Think about the relevance of your experiences before commenting. ITT: People who don’t live with chronic ille

    • @madcaesar
      13 · 1 year ago

      I think you are also cursed with the gene that makes you a dick.

      Obviously there’s good and bad reasons to get tested.

      The point is to be more mindful of who you share your data with. It’s to protect yourself, not to make you feel like a fool.

      • @Rachelhazideas
        -2 · 1 year ago

        Read the rest of the comments here before you comment. Everyone is bashing 23andMe users and the bubble they live in while the irony is completely lost on them.

        Your so called ‘obvious reasons’ are anything but obvious to the average lemmy user who will find every excuse to feel superior about their niche privacy loving community with no clue how the real world works.

    • @S_204
      2 · 1 year ago

      Your excuse is such garbage it’s beyond stupid. You’ve got health concerns so you willingly gave up your privacy to a tech company… instead of going through, y’know the medical system which has checks and balances for this purpose.

      You’re the people they want to be their victims. Ignorant people driven by fear.

      • @Rachelhazideas
        4 · 1 year ago

        instead of going through, y’know the medical system which has checks and balances for this purpose.

        This is the single dumbest take on healthcare I have ever heard. You’ve clearly never had to deal with extensive medical issues or chronic illnesses, or you’re a straight white guy in your 30s and have the privilege of being believed by your doctor.

        I’ve been forcefully misdiagnosed with ‘anxiety’ by so many doctors who wouldn’t listen to me. No one gave a shit until I threatened to report them to the medical board. That’s the only time they took my symptoms seriously and bothered to do a blood test, where they were proven wrong. No amount of sorry from them will undo the damage they’ve done.

        This was one of 5 incidences where I had to advocate for my own health against the doctor’s preconceptions because they would rather diagnose me based on my age and gender rather than my symptoms.

        Medical gaslighting is a pervasive issue that disproportionately affects women, POC, young people, and LGBTQ. It’s a systemic issue that kills people through medical neglect. I would be dead by now had I not fought this hard for my own diagnoses.

        The fact that you think modern health care is some pristine and fully reliable process instead of the shit show it is just speaks of how little you’ve had to deal with. Sit down and check yourself before talking about ignorance.

    • @[email protected]
      0 · 1 year ago

      But… isn’t that what doctors are for? Like, the people who have multiple government mandated levels of security around your data? And medical expertise in which genetic conditions you will die of first?

        • @[email protected]
          0 · 1 year ago

          So, you want to blame your local physicians being incompetent for you putting your safety in the hands of less qualified people?

          You aren’t the only victim of medical malpractice. That doesn’t make it smart, sane, or even straightforward to trust a knock off elon musk with your health, that means you have to look for a competent doctor.

          Is that hard? Is it scary? Yes, obviously. Welcome to the world, where scary shit happens to you for no reason sometimes. But malpractice isn’t a reason to put yourself further at risk. As evidenced by the now millions of Jewish patients whose safety is now likely at risk.

          • @Rachelhazideas
            0 · 1 year ago

            You don’t seem to understand what a systemic issue is if you think this is because of a few ‘local physicians’ or just one case of ‘malpractice’. If you think this is something that can be resolved from looking for ‘one competent doctor’, you have no idea how impossible it is to find a team of 1 PCP and 5 specialists who all happen to give a shit, and what to do when you need to go to the ER which is another hellhole of its own.

            You can come back to this discussion when you show some understanding of how extensive this issue is.

            • @[email protected]
              1 · 1 year ago

              I am speaking from a decade of experience trying to have a correct diagnosis. I don’t know how to tell you this, but you are not the first person to have a doctor dismiss them.

              That’s still not an excuse to put yourself further at risk. You can come back to this discussion when you show some understanding of how vastly serious this data breach is.

              • @Rachelhazideas
                -1 · 1 year ago

                Not wanting to die of medical neglect is a reason, not an excuse.

                I don’t need excuses or your permission to not kill myself.

                • @[email protected]
                  0 · 1 year ago

                  Man, that is such a bullshit pretend nonsense claim.

                  Your only option, the only thing you could do, was sell your data to a data aggregator?

                  What a bold faced lie.

      • @NightAuthor
        11 · 1 year ago

        It’s a meme… people are fucking stupid and will say this every single fucking time privacy is brought up.

          • @NightAuthor
            3 · 1 year ago

            It takes so much work to successfully pull off sarcasm in text. I’m still working on it, it’s a craft I hope to master some day. But the fun in it is the ambiguity, so adding a /s takes all the fun out of it. But ideally only a select few get whooshed.

            • @[email protected]
              2 · 1 year ago

              Honestly it has seemed like a fool’s errand to me, especially because sometimes I get wooshed, but best of luck.

  • Syo
    -3 · 1 year ago

    Idiots believe their personal information was safe, with a private company.

    • Vode An
      -10 · 1 year ago

      For real, they already share it with the government which is the real danger anyways.

      • Sibelius Ginsterberg
        10 · 1 year ago

        Nononono! It’s only dangerous if your government turns fascist and tries to harm you.

        Oh!

        Wait a second…