Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.
posted by martyb on Friday December 08 2023, @12:29AM   Printer-friendly
from the remember:-they-can't-use-what-they-don't-have dept.

Hackers have been able to gain access to personal information from about 6.9 million users of genetic testing company 23andMe, using customers' old passwords:

In some cases this included family trees, birth years and geographic locations, the company said.

After weeks of speculation the firm has put a number on the breach, with more than half of its customers affected.

The stolen data does not include DNA records.

[...] As was first reported by Tech Crunch, the company has acknowledged that by accessing those accounts, hackers were then able to find their way into "a significant number of files containing profile information about other users' ancestry".

The criminals downloaded not just the data from those accounts but the private information of all other users they had links to across the sprawling family trees on the website.

The stolen data includes information like names, how each person is linked and in some cases birth years, locations, pictures, addresses and the percentage of DNA shared with relatives.

I'm with Bill Burr on this.

See also: 23andMe Says Private User Data is Up for Sale After Being Scraped


Original Submission

 
This discussion was created by martyb (76) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Reziac on Saturday December 09 2023, @02:52AM (2 children)

    by Reziac (2489) on Saturday December 09 2023, @02:52AM (#1335862) Homepage

    And my first thought was... the genetic data is processed in China. Explain to me where the expectation of privacy was in the first place??

    Unfortunately, yeah, most people would have no such thought, and would expect better. Terms of Service or no.

    --
    And there is no Alkibiades to come back and save us from ourselves.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by RS3 on Saturday December 09 2023, @03:02AM (1 child)

    by RS3 (6367) on Saturday December 09 2023, @03:02AM (#1335864)

    genetic data is processed in China

    I didn't know that. That's horrific.

    Ever read a "terms of service" or "privacy agreement"? They always say they "value your privacy", which means your private data has value. But worse, they also always say "we may share your data with our "trusted partners". WTF!! Who are they? What are their privacy policies?

    I don't know what it's going to take, but I hope I live to see the day when governments start passing extremely strong privacy laws with large criminal penalties for lax safeguards. Hopefully it'll discourage most collection and storage of our info.

    Brother reported his 20andMe account wasn't one that was hacked, and from 23andMe:

    - *The threat actor was able to access less than 0.1%, or roughly 14,000
          user accounts, of the existing 14 million 23andMe customers through
          credential stuffing. *
          - *The threat actor used the compromised credential stuffed accounts to
          access the information included in a significant number of DNA Relatives
          profiles (approximately 5.5 million) and Family Tree feature profiles
          (approximately 1.4 million), each of which were connected to the
          compromised accounts.*

    So I asked him if his (and mine) might have been scooped up with someone else's that was hacked. Haven't heard back yet...

    • (Score: 3, Insightful) by Reziac on Saturday December 09 2023, @03:44AM

      by Reziac (2489) on Saturday December 09 2023, @03:44AM (#1335871) Homepage

      And I can't see governments doing any such thing. They're more than happy to have everyone else scooping data, so they can buy said data without violating any "No Snooping" laws. More likely we'll get laws stating that it's A-OK to do so.

      Word from disparate sources (so likely to be somewhat true) is that China is interested in pathogens that target by genome, hence....

      --
      And there is no Alkibiades to come back and save us from ourselves.