Hackers have been able to gain access to personal information from about 6.9 million users of genetic testing company 23andMe, using customers' old passwords:
In some cases this included family trees, birth years and geographic locations, the company said.
After weeks of speculation the firm has put a number on the breach, with more than half of its customers affected.
The stolen data does not include DNA records.
[...] As was first reported by Tech Crunch, the company has acknowledged that by accessing those accounts, hackers were then able to find their way into "a significant number of files containing profile information about other users' ancestry".
The criminals downloaded not just the data from those accounts but the private information of all other users they had links to across the sprawling family trees on the website.
The stolen data includes information like names, how each person is linked and in some cases birth years, locations, pictures, addresses and the percentage of DNA shared with relatives.
I'm with Bill Burr on this.
See also: 23andMe Says Private User Data is Up for Sale After Being Scraped
(Score: 2) by Reziac on Saturday December 09 2023, @02:52AM (2 children)
And my first thought was... the genetic data is processed in China. Explain to me where the expectation of privacy was in the first place??
Unfortunately, yeah, most people would have no such thought, and would expect better. Terms of Service or no.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by RS3 on Saturday December 09 2023, @03:02AM (1 child)
I didn't know that. That's horrific.
Ever read a "terms of service" or "privacy agreement"? They always say they "value your privacy", which means your private data has value. But worse, they also always say "we may share your data with our "trusted partners". WTF!! Who are they? What are their privacy policies?
I don't know what it's going to take, but I hope I live to see the day when governments start passing extremely strong privacy laws with large criminal penalties for lax safeguards. Hopefully it'll discourage most collection and storage of our info.
Brother reported his 20andMe account wasn't one that was hacked, and from 23andMe:
So I asked him if his (and mine) might have been scooped up with someone else's that was hacked. Haven't heard back yet...
(Score: 3, Insightful) by Reziac on Saturday December 09 2023, @03:44AM
And I can't see governments doing any such thing. They're more than happy to have everyone else scooping data, so they can buy said data without violating any "No Snooping" laws. More likely we'll get laws stating that it's A-OK to do so.
Word from disparate sources (so likely to be somewhat true) is that China is interested in pathogens that target by genome, hence....
And there is no Alkibiades to come back and save us from ourselves.