this post was submitted on 03 Jan 2024
824 points (94.1% liked)

Technology


Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

[–] dpkonofa@lemmy.world 218 points 10 months ago (52 children)

I'm seeing so much FUD and misinformation being spread about this that I wonder what's the motivation behind the stories reporting this. These are as close to the facts as I can state from what I've read about the situation:

  1. 23andMe was not hacked or breached.
  2. Another site (as of yet undisclosed) was breached and a database of usernames, passwords/hashes, last known login location, personal info, and recent IP addresses was accessed and downloaded by an attacker.
  3. The attacker took the database dump to the dark web and attempted to sell the leaked info.
  4. Another attacker purchased the data and began testing the logins on 23andMe using a botnet that used the username/passwords retrieved and used the last known location to use nodes that were close to those locations.
  5. All compromised accounts did not have MFA enabled.
  6. Data that was available to compromised accounts such as data sharing that was opted-into was available to the people that compromised them as well.
  7. No data that wasn't opted into was shared.
  8. 23andMe now requires MFA on all accounts (started once they were notified of a potential issue).

I agree with 23andMe. I don't see how it's their fault that users reused their passwords from other sites and didn't turn on Multi-Factor Authentication. In my opinion, they should have forced MFA for people but not doing so doesn't suddenly make them culpable for users' poor security practices.

[–] Kittenstix@lemmy.world 71 points 10 months ago (3 children)

I think most internet users are straight up smooth brained, I have to pull my wife's hair to get her to not use my first name twice and the year we were married as a password and even then I only succeed 30% of the time, and she had the nerve to bitch and moan when her Walmart account got hacked, she's just lucky she didn't have the cc attached to it.

And she makes 3 times as much as I do, there is no helping people.

[–] SnotFlickerman@lemmy.blahaj.zone 39 points 10 months ago* (last edited 10 months ago) (2 children)

These people remind me of my old roommate who "just wanted to live in a neighborhood where you don't have to lock your doors."

We lived kind of in the fucking woods outside of town, and some of our nearest neighbors had a fucking meth lab on their property.

I literally told him you can't fucking will that want into reality, man.

You can't just choose to leave your doors unlocked hoping that this will turn out to be that neighborhood.

I eventually moved the fuck out because I can't deal with that kind of hippie dippie bullshit. Life isn't fucking The Secret.

[–] c0mbatbag3l@lemmy.world 25 points 10 months ago (1 children)

I have friends that occasionally bitch about the way things are but refuse to engage with whatever systems are set up to help solve whatever given problem they have. "It shouldn't be like that! It should work like X"

Well, it doesn't. We can try to change things for the better but refusal to engage with the current system isn't an excuse for why your life is shit.

[–] SnotFlickerman@lemmy.blahaj.zone -4 points 10 months ago* (last edited 10 months ago) (1 children)

~~The bootlickers really come out of the woodwork here to suck on corporate boot.~~

Edit: wrong thread.

[–] NoIWontPickaName@kbin.social 2 points 10 months ago (1 children)

What in the fuck are you talking about? You’re the one standing up for the corporation

[–] SnotFlickerman@lemmy.blahaj.zone 0 points 10 months ago* (last edited 10 months ago) (1 children)

Yeah that is my bad, responded to the wrong thread.

In this case, the corporation isn't wrong that users aren't doing due diligence.

[–] NoIWontPickaName@kbin.social 3 points 10 months ago

Happens to the best of us

[–] ripcord@lemmy.world 4 points 10 months ago (1 children)
[–] aksdb@feddit.de 1 points 10 months ago

I would definitely want my door locked for that.

[–] Ibex0@lemmy.world 7 points 10 months ago (2 children)

Lately I try to get people to use Chrome's built-in password manager. It's simple and it works across platforms.

[–] Chobbes@lemmy.world 21 points 10 months ago (1 children)

I get that people aren’t a fan of Google, and I’m not either, but this is a reasonable option that would be better than what the vast majority of people are doing now…

[–] Ibex0@lemmy.world 1 points 10 months ago

That's what I'm getting at. It's an upgrade for most users and certainly novices. I thought I was being clever with a password manager and they got hacked twice (you know who).

[–] SnotFlickerman@lemmy.blahaj.zone 15 points 10 months ago* (last edited 10 months ago) (1 children)

Bitwarden is simple, works across platforms, is open source, and isn't trusting your data to a company whose *checks notes* entire business model is based on sucking up as much data as possible to use for ad-targeting.

I'll trust the company whose business model isn't built on data-harvesting, thanks.

Also, Firefox is better for the health of the web, Google is using Chrome as a backdoor to dictate web standards, yadda yadda.

[–] psud@lemmy.world 1 points 10 months ago

You and I can choose our tools as the best for our use case and for the good of the internet in general, but our non-tech friends can't.

I convinced a friend to use KeePass, but he wouldn't spend the time to learn it. I now tell him and others like him to just use Chrome's suggested password.

[–] kautau@lemmy.world -1 points 10 months ago

~~internet users~~

people
