23andMe confirms hackers stole ancestry data on 6.9 million users::Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.
Would you let government collect DNA from people when they are born? Absolutely not, but I will definitely give it to a silicon valley start up who will then proceed to sell it and have it stolen.
If you’re allowing a corporation to have it, you are giving de facto consent for government to collect it with zero regard for your rights whatsoever.
They have the greatest ability to buy it, the greatest ability to steal it, and a fairly unique ability to confiscate it.
Good point with that last sentence.
Yeah but what about great aunt Marge? Don’t you want to know if it was Scotland or Denmark?!?
I don’t see how government vs private makes any difference.
A baby isn’t capable of informed consent, so their DNA shouldn’t be collected unless it’s required for some medical reason (and then the sample should be immediately destroyed and no records kept).
If an adult, however, wants to voluntarily give these folks a DNA sample… well that’s their choice. I’m not surprised it ended poorly.
I can very easily imagine a 23 year old liberal virgin technocratic atheist saying that DNA should be collected at birth to solve crimes. These are also the same people who likely support euthanizing disabled people if they “consent” to it.
Liberal? The “personal freedom from government” folks? I think you’re thinking of someone who is pro authoritarian. I could 100% see a tankie, fascist, or right-wing authoritarian agreeing with that.
Liberal as in American liberal.
deleted by creator
Didn’t they originally try to brush this off as credential stuffing and aggregation?
There should be harsher penalties around mishandling people’s data, especially if you lie about it to save face.
There are very big penalties in the EU for that.
Good thing that these things haven’t really taken off in my home country. Otherwise, you don’t even need to submit your DNA. If enough of your stupid relatives do it, they’ll have a good idea about you.
deleted by creator
My uncle did this and I found out that I’m 3% Irish. As a Gamer, this is a Clayton Bigsby moment.
Two days ago they sent an update to their TOS that they will require arbitration and to reply to their legal department to “opt out”.
I got the email from 23 and me about changing their terms of service as well (wordy for search engine optimization). I opted out of the change
Thank you. Done.
Instead of them selling it.
Supposedly not selling it…
Sorry, “donations” like a church. Dirty government money is tax free
Supposedly Facebook runs a really clean and straightforward operation, too. I hear banks are really generous as well.
I hear bitcoin investors only want to decentralize currency, too. It’s def not a scam. Totes legit. Let’s all go buy lots of bitcoins! Who wants monkey nfc’s and exploding kittens nfc’s!?
You sound pretty confused are you okay?
data on 6.9 million users
Nice.
Was looking for this one
I assume that’s just all their users
The dot in between the 6 and the 9 is their dead baby.
So I got an email today telling me that I would automatically accept their new ToS (which included barring me from class action lawsuits without 1-2 months of arbitration), but I could email them to refuse the change and keep the old ToS. I emailed them to refuse the change, was that a mistake?
I find it hard to believe “not responding to an email” is consent. I mean they can write that in an email but there’s no way they could hold you to that in court.
If the original contract has provisions for changing it in this manner then it might hold up in court. But of they didn’t have the foresight to include mandatory arbitration to begin with that’s unlikely the lawyers who drafted it thought that far ahead.
What I’m curious about is if my brother’s DNA was stolen. Do I have the right to sue for negligent handling of data that’s as much his as mine?
I would think so. IANAL but I’m sure there’s a ton of precedence for cases similar to this. HIPAA laws are very good for the people.
I hadn’t considered HIPAA. IANAL either but I have taken business law 101 as well as human services classes that both covered it.
If I remember right though, HIPAA isn’t a personal lawsuit. It’s the feds suing corporations for violations. I can’t like, personally sue the health industry for a violation (as far as I remember).
It’s typical in software.
No
Not a mistake, but their ToS change without consent probably wouldn’t stand up in court.
And this, children, is why we don’t give deeply personal data to companies.
Hey, at least they weren’t put in the Jewish Database.
deleted by creator
So hackers can have my info, but I can’t have a copy of my own data.
Yet more evidence that we shouldn’t be handing over sensitive data to random companies. Will this change anyone’s behaviour? Sadly, probably not.
I struggle to see what someone could do with that information. My ethnicity is already known by the government and every advertiser collecting my information online. I randomly had my identity connected to my cousin’s before any family took DNA tests. Her name would show up in those questionnaires along with what car I’ve owned and where I’ve lived when I had to go through online government stuff.
I’m relatively paranoid about giving out personal information, but I don’t consider my spit very sensitive.
You get a phone call from someone claiming to be from 23andme but they’re not…
Hi it’s Jim from 23andme.
Just going through security with you. You did a test with us on the 5th Dec, your mother is X and your father is Y.
Ok that confirms who I am.
So as I said it’s Jim and in your results we see you have a genetic condition which means you will have early onset dementia.
We offer a preventative treatment. Want to enrol in the trial? It’s $200.Not the best example I admit but an example of how that data could be misused and you’ve just paid “Jim” $200
What I would do is search for data where the kid is not biological child of both parents. For all the cases I found I would send automated email to both parents saying that if they don’t pay me I will reveal this info to their child, post it on their facebook and email all their friends. How many couples do you think found out that there was a mixup in the in vitro clinic or simply that there was some cheating and didn’t reveal it to everyone My guess is more than 0.
Or I would email everyone on the list saying that I analysed their data and found that there’s 100% probability they are gay/trans/have a small dick. Out of the 7 million, how many would believe it and pay not to have this revealed?
With 7 million users it’s more about running scams than getting ‘dirt’ on the individuals.
There is a lot of job discrimination in hiring of autistic people, especially when it’s hard to fire them.
Many places actively profile for it and consider symptoms to be red flags since they can’t explicitly ask. This is why making it hard to fire people hurts the disadvantaged.
It sucks as a whole. Imagine having everyone’s DNA. You can develop things that hurt a specific set of people only. It may or may not affect you directly, but it affects our communities. You’re right as an individual. No one really cares about your hair or spit and if they did, it’s very easy to get a hair sample in most cases without you even knowing it. As technology gets better there will be (maybe already are ways) to get your DNA that are less intrusive or need less material. AI trained on DNA and physical attribute could probably narrow it down A LOT using video alone.
They don’t have anything DNA. They have generic relationships and percentages
I can’t see any good use
The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location.
23andMe also confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said.
This is of course bad but is everyone thinking that actual DNA information was copied or what? That’s what it seems like from y’all’s comments. I mean that’s a pretty easy leap to make, it’s a DNA testing company after all, but they seem pretty specific on what data got out. I don’t immediately see that this specific information is worse than say what a credit reporting agency has on you.
I can see someone nefarious blackmailing people that discovered they accidentally married their long lost sister or those who found out their father cheated on their mother or something.
The relatives thing is weird anyway. I took the 23andMe test and downloaded my raw data and wrote a script to find different marker values. The other info I provided the site probably isn’t accurate. Don’t really care if someone gets my DNA markers either cause DNA isn’t like what most people think it is.
Wait for the new wave of digital parenitity blackmail. Dear X, we see you have two children. We will let Z Y Q from Facebook know if you don’t send eleventy itunes gift cards to…
Why? I mean they’re all dead why would you want to have this information how was it useful how are they going to use it?
Time traveling hackers.
Their goal? To travel back in time and establish the first spam marketing service before the FCC established guidelines to restrict spam and before the discovery of the telephone!
That’s ridiculous, it’s obvious they’re just normal hackers who are doing the very standard thing of collecting family connections and relationship data so they can locate the true scion of Jesus and unlock the secrets of the holy grail. It’s what all the scam centers and bot armies do.
This is so predictable. Large databases are valuable targets for theft.
It seems like the vulnerability at 23 was users who used the same password on another site.
Presumably the attackers had those databases (easy to obtain peeps, thats why we use different passwords and password managers) and a good script that let them login and download. Probably over a whole lot of proxy IPs, so it was hard for 23 to see that they were under attack for a while.
Don’t know what else to say… Maybe 2 factor authentication should be more common. I guess with them you could spit on your monitor and it should log you in.
If that’s the only issue it seems a bit of a far reach to say they were breached.
