DNA companies should receive the death penalty for getting hacked | TechCrunch::Personal data is the new gold. The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information might

  • Darkassassin07@lemmy.ca
    10 months ago (edited) · 74 up, 7 down

    Maybe you shouldn’t use the same user+pass across dozens of different services then.

    The data from 23andMe was stolen using the legitimate login credentials of users acquired from an entirely different service’s data breach. Not via their own lax security policies.

    You can’t expect a corporation to protect you from yourself. And they certainly shouldn’t be punished for your ineptitude.

    Don’t get me wrong, these corporations are not your friends, and shouldn’t be trusted implicitly; but you have some responsibilities too.

    /edit:

    But when the chips are down and our data is leaked, they hide behind the old “we were not hacked; it was the users’ old passwords” excuse.

    This logic is equivalent to a bank saying, “It’s not our fault your money got stolen; you should have had a better lock on your front door.” It’s unacceptable and a gross abdication of responsibility.

    I completely disagree with this point. The service obviously has to provide you with access to your information/account. If you give out your login credentials for that access to a third party (another service), that third party loses your information, and it’s then used to access stuff posing as you. That’s your fault. You should not have shared (re-used) those same login credentials with others.

    • Takatakatakatakatak@lemmy.dbzer0.com
      10 months ago · 23 up, 1 down

      You nailed it. Users cannot be trusted to not re-use login credentials.

      I know we all hate it, but proper 2-factor authentication via authenticator apps must be the default position for everything.

      • spudwart@spudwart.com
        9 months ago · 1 up

        Legit have had conversations with people where they position themselves as superior because they use “the same password” but with an @ instead of an a, or an extra 0 at the end.

        Password Managers are really the best solution to using 1 password everywhere without actually putting yourself at risk. 1 password, to unlock the manager, that lets you copy/paste logins.

        But nope, 99% of all bullshit I experience in my friends and family is “but that’s too complicated” or “that’s too hard” when it’s 200% fucking not.

        I’m calling them out. These are shit excuses for what their real issue is, which is “I don’t wanna change my habits”, which is just childish and ignorant.

        Even if it’s easier, even if it’s safer. If it’s different, then they don’t want to even try it.

        There are some people who will have “always used” a spoon to dig holes, and if you showed them a shovel, they’d complain that it’s too hard or too complex, and go back to using the spoon.

      • chatokun@lemmy.dbzer0.com
        10 months ago · 2 up, 1 down

        I work in IT and don’t want to have to use annoying long passwords, so I’ve been team MFA for at least a decade now. I had physical code devices for SWOTR and FFXIV until I got a software one for the latter. I don’t play the former much but I still have a working physical key somewhere.

        In fact, I’m more annoyed when a service still uses texting your phone and has no option to use an MFA app.

  • Doxatek@mander.xyz
    10 months ago (edited) · 52 up

    I worked at McDonald’s to be able to afford to go to college and they sold my fingerprint data. I got like 50 dollars in the mail for compensation. Always thought that was fucked. They probably made more selling it all than the settlement was. I should’ve gotten a lot

  • sramder@lemmy.world
    10 months ago · 48 up, 1 down

    I swear this headline was just a comment the last time this got posted…

  • Garbanzo@lemmy.world
    10 months ago · 44 up, 2 down

    This logic is equivalent to a bank saying, “It’s not our fault your money got stolen; you should have had a better lock on your front door.”

    Isn’t that exactly what the bank would tell you if someone stole your personal info from your home and used it to empty your account?

    This author is a dumbass.

    • starman2112@sh.itjust.works
      10 months ago · 22 up

      It seems to me like the biggest problem was that in accessing just 14,000 accounts, they got some amount of personal information of nearly 7 million people. Less “you should have had a better lock on your front door” and more “your neighbor’s cousin should have had a better lock on his front door.”

      • totallynotarobot@lemmy.world
        10 months ago (edited) · 7 up

        And a little of the old “it’s really your fault for listening to us when we said you didn’t need a better lock because wE tAkE cUsToMeR pRiVaCy VeRy SeRiOuSlY.”

  • Optional@lemmy.world
    10 months ago · 28 up, 4 down

    The 23andMe breach saw hackers gaining access to a whopping 6.9 million users’ personal information, including family trees, birth years and geographic locations. It brings to the fore a few significant questions: Are companies really doing enough to protect our data? Should we trust them with our most intimate information?

    Well . . . NO. But that has never not been the case. These fucking cheese-brained twits who pour out every scrap of personal - and genetic! - info to the tatty basket of whatever Zuckerberg their moron friends are using has been a problem from day one.

    Nothing has changed. Google is evil, Twitter went fascist, facepals is an arm of the FSB, and All Your Genes Are Belong To Us. No fucking shit.

    Using computers for everything requires understanding them and most. People. Don’t.

    • peopleproblems@lemmy.world
      10 months ago · 2 up

      I like entertaining the idea that purchasing technology should require some form of license like a firearm.

      The only problem with the idea is that I would probably be out of a job pretty quick, given no one would be able to use computers.

  • WashedOver@lemmy.ca
    10 months ago · 12 up, 2 down

    Many of my friends and family sent their DNA away to these outfits. Early on I just ruled it out as I heard they were able to link cold cases to people in these databases. Combine that with the grave miscarriages of justice when they railroad people into convictions my “I haven’t done anything to worry about” still did not want to be a part of that machine.

    I didn’t even think of this reality which is pretty bad. I’m glad I didn’t sign up despite some interest in knowing more about my fractured family connections.

    • Mamertine@lemmy.world
      10 months ago · 15 up

      They don’t need your DNA to connect you to solve a cold case. They determine we share tiny chunks of DNA with a sample from a crime. With that, they find the family tree of the known person and can often determine who the guilty party is.

      As in they know the suspect shares a paternal great grandfather with this person and a maternal great great grandmother with that person so we know it’s one of these people. Then the police collect trash to find who from the limited pool the crime DNA belongs to.

  • AutoTL;DR@lemmings.world
    10 months ago · 5 up

    This is the best summary I could come up with:


    The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information might not be as secure as we think.

    The 23andMe breach saw hackers gaining access to a whopping 6.9 million users’ personal information, including family trees, birth years and geographic locations.

    Government overreach is certainly a possibility, as the FBI and every policing agency in the world is probably salivating at the thought of getting access to such a huge data set of DNA sequences.

    This logic is equivalent to a bank saying, “It’s not our fault your money got stolen; you should have had a better lock on your front door.” It’s unacceptable and a gross abdication of responsibility.

    The fact that the stolen data was advertised as a list of people with ancestries that have, in the past, been victims of systemic discrimination, adds another disturbing layer to this debacle.

    I’ve long argued that after the Equifax breach, the company should have received the corporate equivalent of the death penalty.


    The original article contains 734 words, the summary contains 171 words. Saved 77%. I’m a bot and I’m open source!

  • Appoxo@lemmy.dbzer0.com
    10 months ago · 2 up, 2 down

    Read DNS and wondered why those are supposed for that to happen lol.

    In regards to the headline: Just don’t use that service and discourage anyone in the family?
    Seems more like a gimmick to me.
    If I’d need something like that, I’d go to a professional lab.

    • douglasg14b@lemmy.world
      10 months ago · 8 up

      Because users used bad passwords and had their accounts logged into with these legitimate passwords…?

      Seems like misinformed outrage to me.