23andMe was hacked and DNA records of 7 million people were compromised. Originally they said it was 14,000.
They just sent out an innocuous sounding email about change in Terms of Service.
If you do not respond rejecting the change, you will give up the ability to be part of the class action lawsuits that are being filed, or take action in court against them.
They sent this out before they are notifying those whose data were breached.
Genetic testing company 23AndMe confirmed that it suffered a data breach in what appears to be a targeted attack on Jews & Chinese people. Hackers have put up for sale 1 million data points about Ashkenazi Jews, plus hundreds of thousands of Chinese users.
Well that's fucking sleazy, but not surprising: #23andme just mailed out a "hey we're changing our ToS (to screw your ability to file a class-action lawsuit against us because of our breach) and if you don't do anything, YOU AGREE TO IT".. before actually notifying customers whether they're part of the 6.9 million breached accounts.
The #23AndMe data breach is way bigger than originally let on. 7 million customer records were compromised.
The company just sent out an innocuous sounding email about changes in there Terms of Service.
If you do not respond rejecting the change, you will give up the ability to be part of any class action lawsuits that are being filed, or take action in court against them.
They sent this out before they are notifying those whose data were breached.
Genetic testing firm 23andMe has suffered a data breach.
1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.
It appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles
For all of those using #23andMe or similar services, here's a periodic reminder on how to properly protect your #biometrics DNA #2fa factors:
Regularly (at least once a year,) change your genetic code. Small random mutations are insufficient, a new code should be generated.
Never use the same genetic code on more than one service.
Select a strong genetic code. Use at least 8 great-grandparents, and at least 1 billion base pairs.
Never share your genetic code with anyone. We will not ask for your genetic code, and giving your genetic code to a co-worker or friend can result in disciplinary actions, including infectious diseases, romantic angst, and unwanted lifetime financial and caregiving responsibilities.
The really awful thing about #23andMe and their ilk is that while you can choose not to do your own test, close family members can and probably will (just look at how families typically behave on #Facebook for example) and then your data is quite easily determinable too.
If #23AndMe hadn't been storing reams of genetic information on its users indefinitely in the first place, that information wouldn't be in the hands of bad actors now. This rampant uncontrolled data collection by big tech companies needs to stop.
limiting the time in which users can take legal action and adding a class action waver. If you are a 23andMe user you have 30 days to opt-out. This comes after millions of user data including DNA was leaked.
#23andme célèbre boîte privée de recherche de parenté génétique, s'est fait pirater.
Les données génétiques, le nom, le prénom et le sexe de milliers de personnes ayant un héritage (génétique) #juif ashkénaze a fuité sur le web il y a quelques jours.
What could possibly go wrong ?
Déjà que payer pour qu'une boîte privée stocke ton ADN aux US c'est un peu une idée mauvaise sur les bords, mais pour faire du fichage ethnique, c'est parfait !
Following the breach of 6.9 million 23andMe users, the DNA and ancestry company has changed its terms of service. Axios asks a law expert whether the change will protect them from customers who might wish to take legal action.
Sure, the #23andMe leak was bad, but seriously, if people are afraid that something bad might happen if their #DNA got leaked, I wonder whether they really honestly believe that their DNA is a "secret"?
Just like fingerprints, you leave your DNA everywhere you go.
It has never been a problem for suitably motivated and resourced actors to get your DNA. Or #fingerprint. Unless you are extremely motivated to keep both secret, but in that case you wouldn't have used 23andMe, would you?
Oh boy, victim blaming! That'll make everyone who was in the data breach feel better! Do not use biometrics to log in, you can't change your iris or fingerprint, your fingerprint isn't as unique as everyone thought, and cops can force you to unlock a device locked with biometrics but not pin/password.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #01/2024 is out! It includes the following and much more:
➝ 🇺🇸 🖼️ MAJOR US #MUSEUMS SUFFER #CYBERATTACK FALLOUT
➝ 🇪🇸 📡 A “ridiculously weak“ password causes disaster for #Spain’s No. 2 mobile carrier
➝ 🔓 🧬 #23andMe tells victims it’s their fault that their data was breached
➝ 🔓 💸 #OrbitChain loses $86 million in the last #fintech hack of 2023
➝ 🔓 🅿️ Europe’s Largest Parking App Provider Informs Customers of Data Breach
➝ 💸 🙊 #Crypto wallet founder loses $125,000 to fake airdrop website
➝ 🇺🇸 ⚖️ US Says 19 People Charged Following 2019 Takedown of #xDedic Cybercrime Marketplace
➝ 🇵🇸 🇮🇱 Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks
➝ 🔓 ❌ Hacked #Mandiant X Account Abused for #Cryptocurrency Theft
➝ 🇳🇬 🇺🇸 ⚖️ Nigerian hacker arrested for stealing $7.5M from charities
➝ 🇦🇱 📡 Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
➝ 🇺🇸 The FBI is adding more cyber-focused agents to U.S. embassies
➝ 🇺🇸 ⚖️ Former #BreachForums admin to be jailed until Jan. 19 sentencing
➝ 🇺🇸 💰 DOJ Slams #XCast with $10 Million Fine Over Massive Illegal Robocall Operation
➝ 📷 🥸 #Google Contractor Pays Parents $50 to Scan Their Childrens' Faces
➝ 💰 🥸 Google Settles $5 Billion #Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
➝ 🇨🇳 🗳️ #Taiwan to reveal Chinese election interference after Saturday’s vote
➝ 🦠 💰 #Merck Settles #NotPetya Insurance Claim, Leaving #Cyberwar Definition Unresolved
➝ 🦠 🇰🇵 SpectralBlur: New #macOS Backdoor Threat from North Korean Hackers
➝ 🦠 🐍 3 Malicious #PyPI Packages Found Targeting #Linux with Crypto Miners
➝ 🦠 🎠 New Bandook #RAT Variant Resurfaces, Targeting #Windows Machines
➝ 🦠 🎠 UAC-0050 Group Using New #Phishing Tactics to Distribute Remcos RAT
➝ 🦠 🇺🇦 CERT-UA Uncovers New #Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
➝ 🔓 🦠 Free Decryptor Released for #BlackBasta Ransomware
➝ 🐛 📨 #SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof #Emails
➝ 🩹 #Ivanti warns critical EPM #bug lets hackers hijack enrolled devices
➝ 🩹 Google Patches Six Vulnerabilities With First #Chrome Update of 2024
➝ 🩹 🐡 Millions still haven’t patched #Terrapin SSH protocol #vulnerability
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Watch our new video case study on how attackers gained access the personal data of 6.9 million #23andMe users without compromising the company directly. We'll share what happened and the new implications for organizations: https://youtu.be/B-5Y72UWWhI #databreach#cybersecurity#CISO
23andMe data breach: #Hackers stole raw genotype data, health reports
Ugh, so after blaming other people for this breach, 23andMe admits that raw genotype data (which, btw is immutable as it gets for data points) was compromised… due to a 5-month long credential stuffing campaign.