DNA database 23andMe admits 6.9m user profiles hacked

beschizza · December 6, 2023, 2:29pm

Originally published at: DNA database 23andMe admits 6.9m user profiles hacked | Boing Boing

…

Steve_L · December 6, 2023, 2:49pm

Oh look, they just changed their terms of service 6 days ago to make everyone agree to arbitration.

Except those TOS changes haven’t gone live yet, have they?

On November 30, 2023, we launched updates to our Terms of Service.Important updates were made to the Dispute Resolution and Arbitration section to include procedures that will encourage a prompt resolution of any disputes and to streamline arbitration proceedings where multiple similar claims are filed. These updates will go into effect for customers 30 days from the date this email is received.

Or did they send that email on November 6th? From the tense on that quote, “launched” and “were made”, I suspect the TOS updates haven’t yet gone into effect. So users may still have time to use the older dispute resolution procedures?

gracchus · December 6, 2023, 3:10pm

This turns another reason it’s a bad idea to participate in these companies’ “social network” features (in addition to being pestered by 4th cousins or finding out that dad had a secret second family).

douglas_stuart · December 6, 2023, 3:35pm

“You can change your password, but you can’t change the banding pattern in your spit.”

THIS as I have been saying, is the ultimate problem with biometrics.
“yeah the 1’s and 0’ code was stolen, so we’re gonna need you to grow a new retina, m’kay?”

Carbonman · December 6, 2023, 4:03pm

Yep, biometric identifiers are “non-revocable tokens”. My family has wondered why I’ve never used one of these sites or the other scrapers like zitter or facebook.
I know there’s enough information on me floating around on the web; I refuse to make it easy for the script kiddies though.

fiatrn · December 6, 2023, 4:17pm

If i read the article correctly, they got into the company by logging in as a customer (using stolen login credentials) and were able to break into the rest of the system and steal stuff from a regular customer account. Can that be correct? That sounds like pretty shitty security.

Brainspore · December 6, 2023, 4:39pm

Of course this also means hackers likely have sensitive information about you even if you didn’t give your DNA to the company because one or more of your relatives probably did at some point.

If cops can use the database to track down suspects in decades-old cold cases then stalkers and criminals can use it too.

Simon_Clift · December 7, 2023, 5:55pm

Repeating myself repeating Brian Krebs repeating himself, but it bears repeating…

system · December 11, 2023, 2:30pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
23andme & Ancestry.com aggregated the world's DNA; the police obliged them by asking for it boing	19	3712	October 22, 2015
The privacy-invading, junk science "home DNA test" industry is cratering boing	32	1962	February 1, 2020
23andMe vs. the FDA in less than 4 minutes boing	21	5318	December 2, 2013
23andMe to hacking victims: it's your fault because you reused passwords boing	46	846	January 11, 2024
MyHeritage leaks data of 92 million who use the genealogy and family tree website boing	15	1291	June 10, 2018

DNA database 23andMe admits 6.9m user profiles hacked

Related Topics