this post was submitted on 03 Jan 2024
824 points (94.1% liked)


Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

[–] capital@lemmy.world 77 points 11 months ago (40 children)

The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers

Turns out, it is.

What should a website do when you present it with correct credentials?

[–] Hegar@kbin.social 37 points 11 months ago* (last edited 11 months ago) (2 children)

What should a website do when you present it with correct credentials?

Not then give you access to half their customers' personal info?

Credential stuffing 1 grandpa who doesn't understand data security shouldn't give me access to names and genetics of 500 other people.

That's a shocking lack of security for some of the most sensitive personal data that exists.

[–] capital@lemmy.world 10 points 11 months ago

You either didn’t read or just really need this to be the company’s fault.

Those initial breaches led to more info being leaked because users chose to share data with those breached users before their accounts were compromised.

When you change a setting on a website do you want to have to keep setting it back to what you want or do you want it to stay the first time you set it?

[–] jimbo@lemmy.world 4 points 11 months ago (2 children)

Not then give you access to half their customers’ personal info?

That's a feature of the service that you opt into when you're setting up your account. You're not required to share anything with anyone, but a lot of people choose to. I actually was able to connect with a half-sibling that I knew I had, but didn't know how to contact, via that system.

[–] Hegar@kbin.social 1 points 11 months ago (1 children)

Hi! If you've used it, there's something I was curious about - how many people's names did it show you?

If 50%+ of the 14000 had the feature enabled, it was showing an average of 500-1000 "relatives". Was that what you saw? What degree of relatedness did they have?

I don't think that opting in changes a company's responsibility to not launch a massive, inevitable data security risk, but tbh I'm less interested in discussing who's to blame than I am in hearing more about your experience using the feature. Thanks in advance!

[–] jimbo@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

This list shows 1500 people for me. I assume that's just some arbitrary limit to the number of results. There's significant overlap in the relationship lists, so the total number of people with data available is less than the (14000 x 0.5 x 1500) the math might indicate.

My list of possible relations goes from 25% to 0.28% shared DNA. That's half-sibling down to 4th cousin (shared 3rd-great-grandparents).

The only thing I can see for people who I haven't "connected" with is our shared ancestry and general location (city or state) if they share it. I can see "health reports" if the person has specifically opted to share it with me after "connecting".
