23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked::Firm says it didn’t realize customers were being hacked
If this forces 23andMe to shutter, some other tech firm will gobble up that genetic data without the original users having any agency in the decision. Imagine having your genes create value for others and you only get the liability? Oof.
Yeah download and delete your account + data if you still have one.
Do we know they delete the data when you do that? A lot of software is designed to “soft delete” data, where you mark the record with a “deleted” flag that excludes it from future queries. This data still lingers in the database and would still be accessible by anyone who can bypass the application logic, such as someone with a direct DB connection and read privileges.
and let’s not forget that it was stolen, so it’s probably being sold right now anyway.
They stole the DNA data of users with recycled passwords. Last I saw this was 14,000 users and I was notified that at least one was transitively related to me. So they didn’t get my DNA, just one or more user’s view of my profile. I got out before a real breach happens and they do privilege escalation or phish an admin or something. Or like OP said go into bankruptcy/acquisition and sell their most valuable asset.
They say that they do, so I’ll be getting a juicy $5 class action check if that was a lie. Most companies that implimented GDPR didn’t do a lot of
if eu actually deletetype code. The cost of determining EU citizenship incorrectly is pretty high.
Holy fuck they’re incompetent
Data Protection and Privacy laws need an absolute complete overhaul.
They fucked 23 and me all at the same time.
Ancestry better be making sure they have all their shit patched now.
Oh well that’s horrifying.
…Why does anybody need raw genotypes so much that this happened?
It’s data, that’s all that’s needed. That you or I can’t think of a reason or use case (well, outside of authoritarian nation state business that is) that makes it valuable just means we aren’t likely ghoulish enough.
But you can’t change your genetic data, so it’s a bundle of “anonymous” data that will forever remain just waiting for the right link to irreparably link it to someone.
Cheap data point now, but who knows how useful or valuable it could be if the cyberpunk Dystopia of Tech Bro Billionaire’s wet dreams come to pass?
China… because China is a black hole of information and will steal anything and everything for hegemonic advantage. If that DNA belongs to family or friends of powerful people, that could lead to a future blackmail advantage
Russia, because fuck the West.
