DNA database 23andMe admits 6.9m user profiles hacked

Originally published at: DNA database 23andMe admits 6.9m user profiles hacked | Boing Boing


Oh look, they just changed their terms of service 6 days ago to make everyone agree to arbitration.

Except those TOS changes haven’t gone live yet, have they?

On November 30, 2023, we launched updates to our Terms of Service. Important updates were made to the Dispute Resolution and Arbitration section to include procedures that will encourage a prompt resolution of any disputes and to streamline arbitration proceedings where multiple similar claims are filed. These updates will go into effect for customers 30 days from the date this email is received.

Or did they send that email on November 6th? From the tense on that quote, “launched” and “were made”, I suspect the TOS updates haven’t yet gone into effect. So users may still have time to use the older dispute resolution procedures?


This turns out to be another reason it’s a bad idea to participate in these companies’ “social network” features (in addition to being pestered by 4th cousins or finding out that dad had a secret second family).


“You can change your password, but you can’t change the banding pattern in your spit.”

THIS, as I have been saying, is the ultimate problem with biometrics.
“yeah the 1’s and 0’s code was stolen, so we’re gonna need you to grow a new retina, m’kay?”


Yep, biometric identifiers are “non-revocable tokens”. My family has wondered why I’ve never used one of these sites or the other scrapers like zitter or facebook.
I know there’s enough information on me floating around on the web; I refuse to make it easy for the script kiddies though.


If I read the article correctly, they got into the company by logging in as a customer (using stolen login credentials) and were able to break into the rest of the system and steal stuff from a regular customer account. Can that be correct? That sounds like pretty shitty security.


Of course this also means hackers likely have sensitive information about you even if you didn’t give your DNA to the company because one or more of your relatives probably did at some point.

If cops can use the database to track down suspects in decades-old cold cases then stalkers and criminals can use it too.


Repeating myself repeating Brian Krebs repeating himself, but it bears repeating… :roll_eyes:


