23andMe confirms hackers stole ancestry data on 6.9 million users::Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.

  • @nymwit@lemm.ee
    10 · 1 year ago

    The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location.

    23andMe also confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said.

    This is of course bad but is everyone thinking that actual DNA information was copied or what? That’s what it seems like from y’all’s comments. I mean that’s a pretty easy leap to make, it’s a DNA testing company after all, but they seem pretty specific on what data got out. I don’t immediately see that this specific information is worse than say what a credit reporting agency has on you.

    • @Pyr_Pressure@lemmy.ca
      8 · 1 year ago

      I can see someone nefarious blackmailing people that discovered they accidentally married their long lost sister or those who found out their father cheated on their mother or something.

    • @banneryear1868@lemmy.world
      4 · 1 year ago

      The relatives thing is weird anyway. I took the 23andMe test and downloaded my raw data and wrote a script to find different marker values. The other info I provided the site probably isn’t accurate. Don’t really care if someone gets my DNA markers either cause DNA isn’t like what most people think it is.

  • @notannpc@lemmy.world
    -2 · 1 year ago

    Ah, so they’ll miss out on a few sales of all that genetic data people pay them to collect. Boohoo.

  • @nucleative@lemmy.world
    4 · 1 year ago

    This is so predictable. Large databases are valuable targets for theft.

    It seems like the vulnerability at 23 was users who used the same password on another site.

    Presumably the attackers had those databases (easy to obtain peeps, that’s why we use different passwords and password managers) and a good script that let them login and download. Probably over a whole lot of proxy IPs, so it was hard for 23 to see that they were under attack for a while.

    Don’t know what else to say… Maybe 2 factor authentication should be more common. I guess with them you could spit on your monitor and it should log you in.

    If that’s the only issue it seems a bit of a far reach to say they were breached.
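The pattern described in the comment above (reused credentials tried from a large pool of proxy IPs, so that no single address looks abusive) is usually caught by aggregate signals rather than per-IP limits. The following is an added example, not part of the thread and not 23andMe's code; the event tuple layout, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 300               # seconds per time bucket (assumed)
PER_IP_LIMIT = 5           # typical per-IP failure threshold (assumed)
MIN_FAILED_ACCOUNTS = 50   # distinct accounts failing in one window (assumed)
MIN_FAILURE_RATIO = 0.5    # failed accounts / attempts in the window (assumed)

def sample_events():
    """Constructed data: (epoch_s, source_ip, username, success)."""
    ev = [(i * 10, f"198.51.100.{i}", f"user{i}", True) for i in range(20)]
    ev.append((35, "198.51.100.3", "user3", False))    # one honest typo
    # Stuffing run: 300 accounts tried once each, only 3 attempts per proxy IP
    ev += [(900 + i, f"203.0.113.{i // 3}", f"victim{i}", i % 25 == 0)
           for i in range(300)]
    return ev

def per_ip_alerts(events):
    """IPs over PER_IP_LIMIT failures in a window: the check a proxy pool evades."""
    fails = defaultdict(int)
    for ts, ip, _user, ok in events:
        if not ok:
            fails[(ts // WINDOW, ip)] += 1
    return sorted({ip for (_w, ip), n in fails.items() if n > PER_IP_LIMIT})

def aggregate_alerts(events):
    """Windows where many distinct accounts fail at once, plus accounts to reset."""
    total = defaultdict(int)
    failed = defaultdict(set)     # window -> usernames with a failed login
    ip_fail = defaultdict(set)    # (window, ip) -> usernames that IP failed on
    wins = []                     # successful logins as (window, ip, username)
    for ts, ip, user, ok in events:
        w = ts // WINDOW
        total[w] += 1
        if ok:
            wins.append((w, ip, user))
        else:
            failed[w].add(user)
            ip_fail[(w, ip)].add(user)
    hot = {w for w in total
           if len(failed[w]) >= MIN_FAILED_ACCOUNTS
           and len(failed[w]) / total[w] >= MIN_FAILURE_RATIO}
    # A success is suspect when the same IP failed on other accounts in a hot window
    suspect = sorted({u for w, ip, u in wins
                      if w in hot and ip_fail[(w, ip)] - {u}})
    return sorted(w * WINDOW for w in hot), suspect

if __name__ == "__main__":
    events = sample_events()
    print("per-IP alerts:", per_ip_alerts(events))
    print("aggregate alerts:", aggregate_alerts(events))
```

On the constructed data the per-IP check stays silent, while the aggregate check flags the window and lists the accounts whose successful login came from an address that was also failing on other accounts, which are the candidates for a forced password reset.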

  • @bladerunnerspider@lemmy.world
    37 · 1 year ago

    Two days ago they sent an update to their TOS that they will require arbitration and to reply to their legal department to “opt out”.

  • Echo Dot
    4 · 1 year ago

    Why? I mean, they’re all dead. Why would you want to have this information? How was it useful? How are they going to use it?

    • MeatPilot
      2 · 1 year ago

      Time traveling hackers.

      Their goal? To travel back in time and establish the first spam marketing service before the FCC established guidelines to restrict spam and before the discovery of the telephone!

      • @Meowoem@sh.itjust.works
        2 · 1 year ago

        That’s ridiculous, it’s obvious they’re just normal hackers who are doing the very standard thing of collecting family connections and relationship data so they can locate the true scion of Jesus and unlock the secrets of the holy grail. It’s what all the scam centers and bot armies do.

  • AutoTL;DR
    3 · 1 year ago

    This is the best summary I could come up with:


    On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals.

    In an email sent to TechCrunch late on Saturday, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others.

    The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location.

    23andMe also confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said.

    Considering the new numbers, in reality, the data breach is known to affect roughly half of 23andMe’s total reported 14 million customers.

    In early October, a hacker claimed to have stolen the DNA information of 23andMe users in a post on a well-known hacking forum.


    The original article contains 527 words, the summary contains 179 words. Saved 66%. I’m a bot and I’m open source!

  • @Nurse_Robot@lemmy.world
    33 · 1 year ago

    So I got an email today telling me that I would automatically accept their new ToS (which included barring me from class action lawsuits without 1-2 months of arbitration), but I could email them to refuse the change and keep the old ToS. I emailed them to refuse the change, was that a mistake?

    • @TechAnon@lemm.ee
      4 · 1 year ago

      Not a mistake, but their ToS change without consent probably wouldn’t stand up in court.

    • @abhibeckert@lemmy.world
      26 · 1 year ago

      I find it hard to believe “not responding to an email” is consent. I mean they can write that in an email but there’s no way they could hold you to that in court.

      • @treefrog@lemm.ee
        5 · 1 year ago

        If the original contract has provisions for changing it in this manner then it might hold up in court. But if they didn’t have the foresight to include mandatory arbitration to begin with, it’s unlikely the lawyers who drafted it thought that far ahead.

        What I’m curious about is if my brother’s DNA was stolen. Do I have the right to sue for negligent handling of data that’s as much his as mine?

        • @TechAnon@lemm.ee
          3 · 1 year ago

          I would think so. IANAL but I’m sure there’s a ton of precedence for cases similar to this. HIPAA laws are very good for the people.

          • @treefrog@lemm.ee
            1 · 1 year ago

            I hadn’t considered HIPAA. IANAL either but I have taken business law 101 as well as human services classes that both covered it.

            If I remember right though, HIPAA isn’t a personal lawsuit. It’s the feds suing corporations for violations. I can’t like, personally sue the health industry for a violation (as far as I remember).

      • @Lucidlethargy@sh.itjust.works
        0 · 1 year ago

        Supposedly Facebook runs a really clean and straightforward operation, too. I hear banks are really generous as well.

        I hear bitcoin investors only want to decentralize currency, too. It’s def not a scam. Totes legit. Let’s all go buy lots of bitcoins! Who wants monkey nfc’s and exploding kittens nfc’s!?

      • TherouxSonfeir
        2 · 1 year ago

        Sorry, “donations” like a church. Dirty government money is tax free

  • ѕєχυαℓ ρσℓутσρє
    40 · 1 year ago

    Good thing that these things haven’t really taken off in my home country. Otherwise, you don’t even need to submit your DNA. If enough of your stupid relatives do it, they’ll have a good idea about you.