this post was submitted on 26 Jan 2024
320 points (98.5% liked)

Technology

59569 readers
3825 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
320
23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn't realize customers were being hacked (www.techradar.com)
submitted 10 months ago by L4s@lemmy.world to c/technology@lemmy.world
39 comments fedilink hide all child comments
 

23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn't realize customers were being hacked::Firm says it didn't realize customers were being hacked

you are viewing a single comment's thread
view the rest of the comments
[–] pineapplelover@lemm.ee 30 points 10 months ago (9 children)

Holy fuck they're incompetent

[–] JDubbleu@programming.dev -3 points 10 months ago* (last edited 10 months ago) (8 children)

Look, I'm as ready as anyone to jump on companies for mishandling data. I work daily with extremely private medical information protected by an ungodly amount of laws, and it pisses me off how whimsical most companies are with customer data. This one wasn't exactly their fault though. If you use the SAME EMAIL AND PASSWORD across multiple different sites it's not site B's fault when site A gets hacked and your login information is attempted on site B. It's also not even that surprising given people willingly giving up information this private aren't exactly the most privacy literate.

Could they have enforced multi-factor 2FA? Sure, and it would've mitigated some of the damage. However, I think we can all reason that they probably had the same password for their email and phone provider. Hardware keys aren't cheap, and most people just don't have them. It's also pretty reasonable that it would take a super long time to figure out someone logging in with a username and password was "hacked".

[–] pineapplelover@lemm.ee 7 points 10 months ago (7 children)

You have a point. However, I think they should've forced 2fa from the start.

[–] Kushia@lemmy.ml 6 points 10 months ago (1 children)

Everyone already has the hardware for 2fa in their pockets too. This was simply a decision this company made to minimise barriers to their customers wallets.

[–] pineapplelover@lemm.ee 2 points 10 months ago

Maybe a lot of us do but the general population might not even know what hardware tokens are and if they exist.

load more comments (5 replies)
load more comments (5 replies)
load more comments (5 replies)