"The Wall Street Journal recently reported that #23andMe once had a market cap of $6 billion. That has dropped to $350 million. "
Here we go again: how do we figure out how much of 23andMe's woes is due to a #databreach and their pretty deplorable #incidentresponse that blamed their users, and how much is due to other financial issues involving their investments?
23andMe data breach: #Hackers stole raw genotype data, health reports
Ugh, so after blaming other people for this breach, 23andMe admits that raw genotype data (which, btw is immutable as it gets for data points) was compromised… due to a 5-month long credential stuffing campaign.
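The post above attributes the compromise to a months-long credential stuffing campaign, i.e. replaying username/password pairs leaked from other sites against accounts here. The block below is an added example (not code from any of the posts or from 23andMe) showing the defender-side signal that distinguishes stuffing from ordinary failed logins: one source trying many *different* accounts with a high failure rate. The log format, the thresholds, and the sample lines are all constructed for illustration.

```python
"""Heuristic detection of a credential-stuffing source in authentication logs.

Added example; the log format "<timestamp> <source_ip> <username> <OK|FAIL>"
and the thresholds below are assumptions, not any real product's format.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 203.0.113.7 alice FAIL
2023-05-01T10:00:02Z 203.0.113.7 bob FAIL
2023-05-01T10:00:03Z 203.0.113.7 carol OK
2023-05-01T10:00:04Z 203.0.113.7 dave FAIL
2023-05-01T10:00:05Z 203.0.113.7 erin FAIL
2023-05-01T10:00:06Z 203.0.113.7 frank FAIL
2023-05-01T10:00:07Z 203.0.113.7 grace OK
2023-05-01T10:00:08Z 203.0.113.7 heidi FAIL
2023-05-01T10:01:00Z 198.51.100.4 alice FAIL
2023-05-01T10:01:05Z 198.51.100.4 alice FAIL
2023-05-01T10:01:09Z 198.51.100.4 alice OK
2023-05-01T10:02:00Z 192.0.2.9 ivan OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")


def parse_log(text):
    """Parse the assumed format into (timestamp, ip, user, success) tuples.
    Malformed lines are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, outcome = m.groups()
        records.append((ts, ip, user, outcome == "OK"))
    return records


def profile_sources(records):
    """Per source IP: distinct usernames tried, total attempts, failures."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0})
    for _ts, ip, user, ok in records:
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if not ok:
            s["failures"] += 1
    return stats


def flag_stuffing_sources(records, min_accounts=5, min_fail_ratio=0.5):
    """Stuffing signature: one source spreads attempts across many different
    accounts and mostly fails, because most replayed passwords are stale.
    A single account hammered repeatedly (brute force) is a different pattern
    and is deliberately not flagged by this rule."""
    flagged = set()
    for ip, s in profile_sources(records).items():
        fail_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_accounts and fail_ratio >= min_fail_ratio:
            flagged.add(ip)
    return flagged


def accounts_to_reset(records, flagged_ips):
    """Accounts that logged in successfully from a flagged source: treat them
    as compromised (revoke sessions, force a password reset, require MFA)."""
    return sorted({user for _ts, ip, user, ok in records if ok and ip in flagged_ips})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    bad = flag_stuffing_sources(recs)
    print("stuffing sources:", sorted(bad))
    print("accounts to reset:", accounts_to_reset(recs, bad))
```

On the sample, 203.0.113.7 is flagged (eight distinct accounts, six of eight attempts failed) and the two accounts it did get into, carol and grace, are the ones to reset; 198.51.100.4 fails twice on one account and then succeeds, which looks like a user mistyping a password and is left alone. In production the same counts would be kept over a sliding window and keyed by IP range or ASN as well, since a long campaign rotates source addresses.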
Watch our new video case study on how attackers gained access to the personal data of 6.9 million #23andMe users without compromising the company directly. We'll share what happened and the new implications for organizations: https://youtu.be/B-5Y72UWWhI #databreach #cybersecurity #CISO
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #01/2024 is out! It includes the following and much more:
➝ 🇺🇸 🖼️ MAJOR US #MUSEUMS SUFFER #CYBERATTACK FALLOUT
➝ 🇪🇸 📡 A “ridiculously weak” password causes disaster for #Spain’s No. 2 mobile carrier
➝ 🔓 🧬 #23andMe tells victims it’s their fault that their data was breached
➝ 🔓 💸 #OrbitChain loses $86 million in the last #fintech hack of 2023
➝ 🔓 🅿️ Europe’s Largest Parking App Provider Informs Customers of Data Breach
➝ 💸 🙊 #Crypto wallet founder loses $125,000 to fake airdrop website
➝ 🇺🇸 ⚖️ US Says 19 People Charged Following 2019 Takedown of #xDedic Cybercrime Marketplace
➝ 🇵🇸 🇮🇱 Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks
➝ 🔓 ❌ Hacked #Mandiant X Account Abused for #Cryptocurrency Theft
➝ 🇳🇬 🇺🇸 ⚖️ Nigerian hacker arrested for stealing $7.5M from charities
➝ 🇦🇱 📡 Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
➝ 🇺🇸 The FBI is adding more cyber-focused agents to U.S. embassies
➝ 🇺🇸 ⚖️ Former #BreachForums admin to be jailed until Jan. 19 sentencing
➝ 🇺🇸 💰 DOJ Slams #XCast with $10 Million Fine Over Massive Illegal Robocall Operation
➝ 📷 🥸 #Google Contractor Pays Parents $50 to Scan Their Children's Faces
➝ 💰 🥸 Google Settles $5 Billion #Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
➝ 🇨🇳 🗳️ #Taiwan to reveal Chinese election interference after Saturday’s vote
➝ 🦠 💰 #Merck Settles #NotPetya Insurance Claim, Leaving #Cyberwar Definition Unresolved
➝ 🦠 🇰🇵 SpectralBlur: New #macOS Backdoor Threat from North Korean Hackers
➝ 🦠 🐍 3 Malicious #PyPI Packages Found Targeting #Linux with Crypto Miners
➝ 🦠 🎠 New Bandook #RAT Variant Resurfaces, Targeting #Windows Machines
➝ 🦠 🎠 UAC-0050 Group Using New #Phishing Tactics to Distribute Remcos RAT
➝ 🦠 🇺🇦 CERT-UA Uncovers New #Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
➝ 🔓 🦠 Free Decryptor Released for #BlackBasta Ransomware
➝ 🐛 📨 #SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof #Emails
➝ 🩹 #Ivanti warns critical EPM #bug lets hackers hijack enrolled devices
➝ 🩹 Google Patches Six Vulnerabilities With First #Chrome Update of 2024
➝ 🩹 🐡 Millions still haven’t patched #Terrapin SSH protocol #vulnerability
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Oh boy, victim blaming! That'll make everyone who was in the data breach feel better! Do not use biometrics to log in: you can't change your iris or fingerprint, your fingerprint isn't as unique as everyone thought, and cops can force you to unlock a device locked with biometrics but not one locked with a PIN/password.
Following the breach of 6.9 million 23andMe users, the DNA and ancestry company has changed its terms of service. Axios asks a law expert whether the change will protect them from customers who might wish to take legal action.
Sure, the #23andMe leak was bad, but seriously, if people are afraid that something bad might happen if their #DNA got leaked, I wonder whether they really honestly believe that their DNA is a "secret"?
Just like fingerprints, you leave your DNA everywhere you go.
It has never been a problem for suitably motivated and resourced actors to get your DNA. Or #fingerprint. Unless you are extremely motivated to keep both secret, but in that case you wouldn't have used 23andMe, would you?
23andMe was hacked and DNA records of 7 million people were compromised. Originally they said it was 14,000.
They just sent out an innocuous sounding email about change in Terms of Service.
If you do not respond rejecting the change, you will give up the ability to be part of the class action lawsuits that are being filed, or take action in court against them.
They sent this out before notifying those whose data were breached.
For all of those using #23andMe or similar services, here's a periodic reminder on how to properly protect your #biometrics DNA #2fa factors:
Regularly (at least once a year,) change your genetic code. Small random mutations are insufficient, a new code should be generated.
Never use the same genetic code on more than one service.
Select a strong genetic code. Use at least 8 great-grandparents, and at least 1 billion base pairs.
Never share your genetic code with anyone. We will not ask for your genetic code, and giving your genetic code to a co-worker or friend can result in disciplinary actions, including infectious diseases, romantic angst, and unwanted lifetime financial and caregiving responsibilities.
limiting the time in which users can take legal action and adding a class action waiver. If you are a 23andMe user you have 30 days to opt out. This comes after millions of users' data, including DNA, was leaked.
Well that's fucking sleazy, but not surprising: #23andme just mailed out a "hey we're changing our ToS (to screw your ability to file a class-action lawsuit against us because of our breach) and if you don't do anything, YOU AGREE TO IT".. before actually notifying customers whether they're part of the 6.9 million breached accounts.
If you know anyone who used #23andMe, please encourage them to take steps to opt out of the new terms of service they’re sending customers.
Basically they got hacked big time. And are putting language in the new ToS that you can’t sue them for losing your DNA information, even though the hack has already happened
The #23AndMe data breach is way bigger than originally let on. 7 million customer records were compromised.
The company just sent out an innocuous sounding email about changes in their Terms of Service.
If you do not respond rejecting the change, you will give up the ability to be part of any class action lawsuits that are being filed, or take action in court against them.
They sent this out before notifying those whose data were breached.
Of course #23andme got hacked and the DNA profiles of 7 million users were stolen. This was obviously a bad idea from the beginning, made worse when it became clear these companies are cooperating with law enforcement, and now this. The most infuriating part is that if your bio-family members participate, you're basically now identifiable by association.