this post was submitted on 26 Jan 2024
320 points (98.5% liked)

Technology

59589 readers
2891 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn't realize customers were being hacked::Firm says it didn't realize customers were being hacked

you are viewing a single comment's thread
view the rest of the comments
[–] ChicoSuave@lemmy.world 35 points 10 months ago (7 children)

If this forces 23andMe to shutter, some other tech firm will gobble up that genetic data without the original users having any agency in the decision. Imagine having your genes create value for others and you only get the liability? Oof.

[–] designatedhacker@lemm.ee 5 points 10 months ago (1 children)

Yeah download and delete your account + data if you still have one.

[–] aphlamingphoenix@lemm.ee 11 points 10 months ago (2 children)

Do we know they delete the data when you do that? A lot of software is designed to "soft delete" data, where you mark the record with a "deleted" flag that excludes it from future queries. This data still lingers in the database and would still be accessible by anyone who can bypass the application logic, such as someone with a direct DB connection and read privileges.

[–] sir_reginald@lemmy.world 5 points 10 months ago (1 children)

and let's not forget that it was stolen, so it's probably being sold right now anyway.

[–] designatedhacker@lemm.ee 1 points 9 months ago

They stole the DNA data of users with recycled passwords. Last I saw this was 14,000 users and I was notified that at least one was transitively related to me. So they didn't get my DNA, just one or more user's view of my profile. I got out before a real breach happens and they do privilege escalation or phish an admin or something. Or like OP said go into bankruptcy/acquisition and sell their most valuable asset.

[–] designatedhacker@lemm.ee 2 points 9 months ago

They say that they do, so I'll be getting a juicy $5 class action check if that was a lie. Most companies that implimented GDPR didn't do a lot of if eu actually delete type code. The cost of determining EU citizenship incorrectly is pretty high.

load more comments (5 replies)