23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews - eviltoast

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it’s working to verify the data.

      • kungen@feddit.nu
        link
        fedilink
        arrow-up
        13
        arrow-down
        2
        ·
        1 year ago

        Though if neither a father nor his sons have submitted their DNA, the service will lack all that Y-DNA though, right? I’m glad I made the right decision to not send in my DNA to those sites, despite my sisters hounding me to do it after our dad refused, lol.

        It’s a shame though, because family genetic networking is interesting, but it just goes to show you can’t trust these companies. (Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information)

        • rcbrk@lemmy.ml
          link
          fedilink
          arrow-up
          16
          ·
          1 year ago

          Even though the company didn’t really do anything truly wrong in this case, as it’s simply users reusing passwords, they still should have been better/more proactive especially with such sensitive information

          There’s nothing special or new or unique or unforseen about the security requirements of 23andMe.

          They absolutely failed to implement an appropriate level of security measures for their service.

          Mandatory 2FA could’ve prevented this.

        • macracanthorhynchus@mander.xyz
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Y chromosomes have very little information on them, and the DNA there is pretty highly conserved. You’re not really keeping any secrets by hiding your Y chromosome away.

    • Avid Amoeba@lemmy.ca
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      They also sent your DNA involuntarily. You can be IDed of someone in your genetic vicinity has sent theirs. They don’t even need to be super close.

    • DessertStorms@kbin.social
      link
      fedilink
      arrow-up
      33
      arrow-down
      21
      ·
      edit-2
      1 year ago

      Top notch victim blaming you got there…

      ETA because I don’t engage with bigots:
      Imagine that, the descendants of one of the biggest genocides in history want to try and piece their history together, and use the available tools to do it with, fucking shocker…
      Then, when they continue getting targeted just for existing, privileged ignorant bigots who couldn’t even imagine what having over 90% of their community gassed is like, and have never been oppressed for who they are a day in their lives, simply can’t help themselves but jump to justify them being attacked again:

      tHe bAstArDs dEseRve eVerYthInG tHey GeT!!11

      And somehow not a word about the attackers, nor the company that failed its customers.

      Sure, antisemitic Jan…🙄🙄🙄

      • AdmiralShat@programming.dev
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        5
        ·
        1 year ago

        “I can’t believe this incredibly obvious thing happened!” Isn’t really victim blaming, is it? They’re not saying they did it to themselves or they deserved it, they’re saying that this was bound to happen and people volunteered their DNA to a private company

        • pinkdrunkenelephants@sopuli.xyz
          link
          fedilink
          arrow-up
          8
          arrow-down
          6
          ·
          1 year ago

          … Therefore blaming them for using the service.

          Why even have a capitalist economy if private businesses can just abuse people like that and the customer is routinely blamed for participating in the economy the only way they’re allowed to?

          • trailing9@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            3
            ·
            1 year ago

            E. g. if somebody loses money in a multilevel marketing scheme, is it wrong to blame the victim? Or is not every victim a victim?

            Regarding your edit, that’s assuming a bit too much to defend your point.

            But that’s what I asked for, your reason why there is no responsibility on the side of the victims.

            To engage with that line of thinking: if you leave agency at people, you can ask why one would trust a company with that data when every conspiracy theorist doesn’t use that service specifically because of the risk of genocide.

            But you are right, there are valid reasons to take the risk.

            • pinkdrunkenelephants@sopuli.xyz
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              It’s always wrong to blame the victim, yes. You just genuinely don’t believe they actually are victims, and if you want to have that debate, be honest and have it. But you don’t get to recognize their victimhood and then invalidate it by implying their suffering is partly their fault.

              • trailing9@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Is this a choice of words issue? Saying that somebody could have prevented something and with that knowledge should prevent it next time doesn’t change victimhood for me. The suffering of the victim remains.

                What is lost if the victim had some agency? Is there some metaphysical aspect to it? Are victims prechosen by fate and it’s a sacrilege to question their fate?

                I can agree that a zebra being killed by lions shouldn’t be blamed. But a person who ignores advice from friends and joines a multilevel marketing scheme is not entirely innocent.

                • pinkdrunkenelephants@sopuli.xyz
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  1 year ago

                  Because attributing any blame to a victim is always a sleazy attempt to shift all responsibility for a situation away from the aggressor and onto the victim. It’s a common abuse tactic.

                  Plus, most people really aren’t capable of doing what they need to do in life-threatening or abusive situations. Adults really don’t have as much agency as they like to pretend they do, and I personally am tired of being dishonest about it.

                  I say that as one of the people who has been abused partly through their own failings and iniquities. I don’t call myself a victim. I’m also not an average representative of people in abusive situations – I have always been and always was capable of doing far more than most other people, and so I am telling you from that experience that you cannot attribute any responsibility for a situation on a victim like that. Most people are just NPCs and you need to respect that.

    • Sgt_choke_n_stroke@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      5
      ·
      1 year ago

      There are a lot of dumb people that wanted to know they were a pure breed European or something to brag about like an IQ test

  • Omega_Haxors@lemmy.ml
    link
    fedilink
    arrow-up
    57
    arrow-down
    3
    ·
    1 year ago

    If people were actually taught history they would have known exactly what their genetic information being in a registry would result in.

    • blandy@lemmy.ml
      link
      fedilink
      arrow-up
      24
      ·
      1 year ago

      Ooof.

      IBM and the Holocaust by Edwin Black should be standard reading for high school students.

  • FIST_FILLET@lemmy.ml
    link
    fedilink
    arrow-up
    30
    arrow-down
    7
    ·
    1 year ago

    a lot of people in these comments who live in privacy-conscious bubbles and aren’t very familiar with “normal” people

    • funkless_eck@sh.itjust.works
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      there’s also this attitude that certain users never did anything wrong. YouSureAboutThat.jpg

      They never signed up for anything that compromised their privacy?

      Also, we all live in abodes with wooden doors and glass windows that anyone with a rock or a stick can break into. Doesn’t mean we deserve to be murdered in our sleep.

    • sevenapples@lemmygrad.ml
      link
      fedilink
      arrow-up
      8
      arrow-down
      2
      ·
      edit-2
      1 year ago

      The fact that big companies collect and sell your data is common knowledge now, definitely not something esoteric that only people in privacy-conscious bubbles know of. However, “normal” people refuse to not follow every trend or get inconvenienced.

  • saigot@lemmy.ca
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives.

    The information does not appear to include actual, raw genetic data.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      4
      ·
      1 year ago

      This doesn’t absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before. That should raise red flags. No, Fred from California shouldn’t be logging in from a vpn based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.

      Users are dumb. This is why there’s tools to track odd behavior and clamp down on it.

      • skippedtoc@lemmy.world
        link
        fedilink
        arrow-up
        13
        arrow-down
        5
        ·
        edit-2
        1 year ago

        “This doesn’t absolve them of anything”

        Of course it does. “Security” based on behaviour tracking is not the expected default like you are making it to be. (neither should it be.)

        • wildginger@lemmy.myserv.one
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          Thats how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.

          Why would I not expect the same level of security for a piece of my medical data? Thats just as important as my money.

          • skippedtoc@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            Why would I not expect the same level of security for a piece of my medical data?

            Because it’s not a bank.

            Thats just as important as my money.

            Unless you are super rich and have a lot of throwaway money, it’s a false over exaggeration.

            • wildginger@lemmy.myserv.one
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              You understand that same level of security is used by hospitals, yes? Do you think hospitals are banks?

              Ah, an over exaggeration. Ill tell that to all the jews whose data got targeted and stolen. Im sure it was harmless.

              • skippedtoc@lemmy.world
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                You understand that same level of security is used by hospitals, yes?

                No, not all hospitals at least.

                Ill tell that to all the jews whose data got targeted and stolen.

                Sure, go ahead. You have my permission.

                Im sure it was harmless.

                I don’t know why you are sure of it. It could cause harm even if you can’t think of what harm it will cause.

                Your brain works differently from mine. Your idea of protecting your data is to give away and even force them to collect more data on you. Mine to make them collect less data.

                • wildginger@lemmy.myserv.one
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  1 year ago

                  Your brain short circuits at sarcasm, so Im not really expecting much from it.

                  If you are already giving valued medical data to someone, the simple act of checking the ip of login and sending a “was this you?” email isnt even remotely the level of data loss you want to pretend it is.

                  Its common sense to protect your user, and your database, from phishing. If you want to genuinely claim that phishing protections for medical data is bad, by all means. You already sound like a fool, may as well set the stone.

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          1 year ago

          I’m sorry, but what behavior tracking would be enabled here to detect that thousands of accounts are logging in from the same ASN that the accounts don’t identify as being in?

          They have your address… They sent you the spit tube kit. and it’s probably in your profile that you willingly give them. What “tracking” is it when “hey this IP belongs to a location that’s 10000 miles away from their profile! Let’s send an email and double check!”.

          • skippedtoc@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            1 year ago

            hey this IP belongs to a location that’s 10000 miles away from their profile!

            This means you are tracking the information that I have moved or am currently am at 10000 miles whatever place. You have no business knowing where I move to. It is kind of tracking as you are collecting more info than you need to in the name of “Security”.

            If I think my data on a website is important enough I will make the password there random and complex enough not to be guessed or brute forced. I don’t need your extra tracking.

            They can increase security by matching address. Sure. The can also increase security by checking everything on your pc and house to figure out if you are you. I don’t need it.

            Let’s send an email and double check!.

            That’s a different point. They should always provide an option for 2nd or extra authentication for people who want it. But it doesn’t need any other info than that I want 2fa.

            More i

            • Saik0@lemmy.saik0.com
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              1 year ago

              This means you are tracking the information that I have moved or am currently am at 10000 miles whatever place.

              An ip lookup isn’t tracking jack shit. You are demonstrating that you don’t understand how technology works.

              You furnished your address to the service (by function of how the service works), you accessed the site which exposes your IP. An IP lookup it’s tracking. If you truly believe it is… Hoo boy you should spin up an apache server and look at the logs.

              • skippedtoc@lemmy.world
                link
                fedilink
                arrow-up
                3
                arrow-down
                1
                ·
                1 year ago

                An ip lookup isn’t tracking jack shit.

                Sigh! now you are arguing on definition of tracking. Which is pointless as you can replace that word with whatever you are comfortable with.

                You are demonstrating that you don’t understand how technology works.

                Perhaps. But the since concept of ip hasn’t changed much since the internet became public it’s doubtful that don’t understand ip.

                you accessed the site which exposes your IP.

                Yes. Doesn’t mean you have to save my ip address that I used. Or even the general location I used it from even if it will increase security.

                apache server and look at the logs.

                Shrug. What does that means? You can control the info logged in server and also if you choose to keep it or classify it.

                • bane_killgrind@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Doesn’t mean you have to save my ip address that I used.

                  The most basic webserver keeps access logs. It will save “this person logged in at this address” or some data about the session regardless if it’s looked back on later.

                • Saik0@lemmy.saik0.com
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  2
                  ·
                  edit-2
                  1 year ago

                  Yes. Doesn’t mean you have to save my ip address that I used.

                  Who the fuck said anything about saving an IP?

                  Or even the general location I used it from even if it will increase security.

                  IP lookups are not “saving your location”.

                  Shrug. What does that means? You can control the info logged in server and also if you choose to keep it or classify it.

                  No… Not at all. If you reach out to my server, my server has to know where to send the data back to. Part of this process can be an IP lookup that actually identifies where your ASN is based out of. There is no way around this… the request MUST have IP information. Nobody said shit about logging anything. And logging IPs is not required to do anything that I’ve mentioned.

                  Sigh! now you are arguing on definition of tracking.

                  No… I’m arguing pedantic shit. I’m telling you what actually happens and what the actual definition is.

                  Edit: To the point. I actually do IP lookups to BLOCK specific countries in my router. Using a database like maxmind you can get a general idea of location without knowing anything specific at all. So it goes 1 step further to run a check on if your current ASN is even remotely close to your known location. If not, fire off email. nothing about this requires any logging or outside information than what you already gave the company in this case. Other fields use these mechanisms that are well regulated and nobody else except for you calls this “tracking”.

  • Akasazh@feddit.nl
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.

    From the article. Way to sensationalize a title…

  • S_204@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    4
    ·
    1 year ago

    My uncle tried to get me to do this for his family tree project.

    Super happy I didn’t cave to his persistence.

    Wonder what the angle of targeting Jews is here? Are they trying to figure out why they’ve got stomach issues or something?

    • creamed_eels@toast.ooo
      link
      fedilink
      arrow-up
      18
      arrow-down
      1
      ·
      1 year ago

      Wonder what the angle of targeting Jews is here?

      …are you seriously asking? I can’t figure out if you’re trolling here. I’m going to go out on a limb and guess it wasn’t breached by a group of geneticists looking to cure Tay-Sachs.

    • wildginger@lemmy.myserv.one
      link
      fedilink
      arrow-up
      15
      arrow-down
      2
      ·
      1 year ago

      I mean, targeting jews is obvious, no? Some racial purity freaks are trying to target the genetic root of a minority group.

      23andMe basically drafted up a list of as many jewish descendants as they could get, which means the lunatics can use it as an easy list of targets.

      Heres hoping the fuckers get caught before they can do anything with the data.

      • S_204@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        1 year ago

        You think there’s a group that’s going to take this as a hit list?

        I know shits going downhill but I didn’t think I needed to start thinking about packing bags…

          • MalachaiConstant@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            As a power fantasy mostly. They might pass it around and use it to jerk each other off but not much more than that. The problem is, it’s only a fantasy until it makes it’s way into the hands of someone with the means and derangement to act on it: two qualities which, depending on where you live, can be unsettlingly easy to come by

    • blterrible@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      There’s a whole conspiracy regarding Covid that RFK Jr. is blathering about. Supposedly this data breach targeted Jews and Chinese folks. I’m assuming that it’s related in some way, but it’s not clear how.

  • Rachelhazideas@lemmy.world
    link
    fedilink
    arrow-up
    22
    arrow-down
    22
    ·
    edit-2
    1 year ago

    I am a 23andMe user, and yes I voluntarily sent them my DNA sample. Shit on me all you want. You probably don’t have to live with multiple genetic conditions, chronic illnesses, and have a family history of several more.

    Must be nice to be privileged with a healthy body and to get to care about privacy concerns instead wondering which genetic condition you’ll die of first.

    ITT: People who have never experienced medical gaslighting before. Think about the relevance of your experiences before commenting. ITT: People who don’t live with chronic ille

    • madcaesar@lemmy.world
      link
      fedilink
      arrow-up
      19
      arrow-down
      9
      ·
      1 year ago

      I think you are also cursed with the gene that makes you a dick.

      Obviously there’s good and bad reasons to get tested.

      The point is to be more mindful of who you share your data with. It’s to protect yourself, not to make you feel like a fool.

      • Rachelhazideas@lemmy.world
        link
        fedilink
        arrow-up
        8
        arrow-down
        10
        ·
        1 year ago

        Read the rest of the comments here before you comment. Everyone is bashing 23andMe users and the bubble they live in while the irony is completely lost on them.

        Your so called ‘obvious reasons’ are anything but obviously to the average lemmy user who will find every excuse to feel superior about their niche privacy loving community with no clue how the real world works.

    • S_204@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      10
      ·
      1 year ago

      You’re excuse is such garbage it’s beyond stupid. You’ve got health concerns so you willingly gave up your privacy to a tech company… instead of going through, y’know the medical system which has checks and balances for this purpose.

      You’re the people they want to be their victims. Ignorant people driven by fear.

      • Rachelhazideas@lemmy.world
        link
        fedilink
        arrow-up
        9
        arrow-down
        5
        ·
        1 year ago

        instead of going through, y’know the medical system which has checks and balances for this purpose.

        This is the single dumbest take on healthcare I have ever heard. You’ve clearly never had to deal with extensive medical issues or chronic illnesses, or you’re a straight white guy in your 30s and have the privilege of being believed by your doctor.

        I’ve been forcefully misdiagnosed with ‘anxiety’ by so many doctors who wouldn’t listen to me. No one gave a shit until I threatened to report them to the medical board. That’s the only time they took my symptoms seriously and bothered to do a blood test, where they were proven wrong. No amount of sorry from them will undo the damage they’ve done.

        This was one of 5 incidences where I had to advocate for my own health against the doctor’s preconceptions because theywould rather diagnose me based on my age and gender rather than my symptoms.

        Medical gaslighting is a pervasive issue that disproportionately affects women, POC, young people, and LGBTQ. It’s a systemic issue that kills people through medical neglect. I would be dead by now had I not fought this hard for my own diagnoses.

        The fact that you think modern health care is some pristine and fully reliable process instead of the shit show it is just speaks of how little you’ve had to deal with. Sit down and check yourself before taking about ignorance.

    • wildginger@lemmy.myserv.one
      link
      fedilink
      arrow-up
      5
      arrow-down
      5
      ·
      1 year ago

      But… isnt that what doctors are for? Like, the people who have multiple government mandated levels of security around your data? And medical expertise in which genetic conditions you will die of first?

        • wildginger@lemmy.myserv.one
          link
          fedilink
          arrow-up
          4
          arrow-down
          4
          ·
          1 year ago

          So, you want to blame your local physicians being incompetent for you putting your safety in the hands of less qualified people?

          You arent the only victim of medical malpractice. That doesnt make it smart, sane, or even straightforward to trust a knock off elon musk with your health, that means you have to look for a competent doctor.

          Is that hard? Is it scary? Yes, obviously. Welcome to the world, where scary shit happens to you for no reason sometimes. But malpractice isnt a reason to put yourself further at risk. As evidenced by the now millions of jewish patients whose safety is now likely at risk.

          • Rachelhazideas@lemmy.world
            link
            fedilink
            arrow-up
            4
            arrow-down
            4
            ·
            1 year ago

            You don’t seem to understand what a systemic issue is if you think this is because of a few ‘local physicians’ or just one case of ‘malpractice’. If you think this is something that can be resolved from looking for ‘one competent doctor’, you have no idea how impossible it is to find a team of 1 PCP and 5 specialists who all happen to give a shit, and what to do when you need to go to the ER which is another hellhole of it’s own.

            You can come back to this discussion when you show some understanding of how extensive this issue is.

            • wildginger@lemmy.myserv.one
              link
              fedilink
              arrow-up
              4
              arrow-down
              3
              ·
              1 year ago

              I am speaking from a decade of experience trying to have a correct diagnosis. I dont know how to tell you this, but you are not the first person to have a doctor dismiss them.

              Thats still not an excuse to put yourself further at risk. You can come back to this discussion when you show some understanding of how vastly serious this data breach is.

              • Rachelhazideas@lemmy.world
                link
                fedilink
                arrow-up
                3
                arrow-down
                4
                ·
                1 year ago

                Not wanting to die of medical neglect is a reason, not an excuse.

                I don’t need excuses or your permission to not kill myself.

                • wildginger@lemmy.myserv.one
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  3
                  ·
                  1 year ago

                  Man, that is such a bullshit pretend nonsense claim.

                  Your only option, the only thing you could do, was sell your data to a data aggregator?

                  What a bold faced lie.

  • Syo@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    10
    ·
    1 year ago

    Idiots believe their personal information was safe, with a private company.