SIGforum
23andMe...and some hackers

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/3240041505

December 04, 2023, 05:29 PM
parabellum
23andMe...and some hackers
Gee, WHAT a surprise! Shocked am I. Shocked, I say!

23andMe confirms hackers accessed data of 6.9 million users
December 04, 2023, 05:47 PM
OttoSig
I wish yall could spend one night at work with me, this wouldn’t even make your radar.

Technology, AI, and other things are making it so easy that you don’t even have to be skilled to do stupid shit like this any more.




Nine years to retirement! Just waiting!
December 04, 2023, 05:51 PM
radioman
Who do I contact about changing my results?

There are a few things I'd like to add in, and a few things I'd like less of.


.
December 04, 2023, 06:22 PM
1s1k
Probably an alphabet agency. Yes very shocking I tell ya.
December 04, 2023, 06:24 PM
parabellum
quote:
Originally posted by radioman:
Who do I contact about changing my results?
The Lord, thy God
December 04, 2023, 06:27 PM
RogueJSK
quote:
Hackers were able to breach those accounts because the customers had used the same username and password on 23andMe as they had on other websites that had been previously compromised.


Well, there's your problem right there.

It doesn't take a sophisticated hacker, or really any skill at all, if users are lazy/complacent enough to reuse usernames and passwords on multiple sites. If you do that, and just one of the sites gets hacked and user info posted on the dark web (like happens all the damn time with simple websites without robust security, like webstores and forums), they can then go on to access all your shit on every site.

It doesn't matter how good 23andMe's security is, if your "same on every site" username and password got hacked last year from Joe Schmoe's Bait & Tackle Supply Dot Com. They can just log right in as you.

Don't. Reuse. Passwords.
And if the website allows it, use Two Factor Authentication.
December 04, 2023, 06:49 PM
tatortodd
^^^ It's worse than that. If you have a lazy or unsophisticated relative who used the same password on 23andMe then your informations may have been stolen.
quote:
y accessing those accounts to access "Credential Stuffed Accounts," hackers were able to access roughly 5.5 million DNA Relatives profile files. An additional 1.4 million customers participating in the DNA Relatives feature had their Family Tree profile information access, which is a limited subset of the DNA Relative profile information.



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.