Attackers were able to compromise 23andMe over five months beginning April 2023, enabling access to 5.5 million DNA Relatives profiles and details from 1.4 million users of the Family Tree feature, said the company in a disclosure in October.
What an absolute failure of the legal system to understand the issue at hand and appropriately assign liability.
Here’s an article with more context, but tl;dr the “hackers” used credential stuffing, meaning that they used username and password combos that were breached from other sites. The users were reusing weak password combinations and 23andme only had visibility into legitimate login attempts with accurate username and password combos.
Arguably 23andme should not have built out their internal data sharing service quite so broadly, but presumably many users are looking to find long lost relatives, so I understand the rationale for it.
Thus continues the long, sorrowful, swan song of the password.
That’s literally just a long password that you can never recover your data from when you inevitably lose or forget it (remember we’re talking about the majority of users here who do not use password managers).
there’s literally zero technical reason that a user couldn’t reset a private key the same as a password. after all, you just pointed out they are almost the same.
edit: if you’d like to see an example create SSH keys for your GitHub account and then reset them
I assumed you were talking about a private key as in cryptographic private key, where your data is encrypted on the remote server and your private key is required for it to be decrypted and for you to use it.
If you just talking about something to get into an SSH key then all that is is a longer password.
not at all. are you expected to remember it? would it even be possible to memorize for most? not even close to the same thing, passwords have very low entropy which causes all their problems
secret data, typically a string of characters, usually used to confirm a user’s identity
A secret key or passcode meets that definition 🤦 You’re most definitely on poor standing here.
A very long password that no one can remember (ie. A key) is still a password. Also are you unaware of the existence of password managers and random password generation…?
What an absolute failure of the legal system to understand the issue at hand and appropriately assign liability.
Here’s an article with more context, but tl;dr the “hackers” used credential stuffing, meaning that they used username and password combos that were breached from other sites. The users were reusing weak password combinations and 23andme only had visibility into legitimate login attempts with accurate username and password combos.
Arguably 23andme should not have built out their internal data sharing service quite so broadly, but presumably many users are looking to find long lost relatives, so I understand the rationale for it.
Thus continues the long, sorrowful, swan song of the password.
passwords were maybe the dumbest idea ever invented
What is your suggestion for a superior solution to the problems passwords solve?
private keys, etc
That’s literally just a long password that you can never recover your data from when you inevitably lose or forget it (remember we’re talking about the majority of users here who do not use password managers).
there’s literally zero technical reason that a user couldn’t reset a private key the same as a password. after all, you just pointed out they are almost the same.
edit: if you’d like to see an example create SSH keys for your GitHub account and then reset them
That’s… Literally just a long password.
I assumed you were talking about a private key as in cryptographic private key, where your data is encrypted on the remote server and your private key is required for it to be decrypted and for you to use it.
If you just talking about something to get into an SSH key then all that is is a longer password.
not at all. are you expected to remember it? would it even be possible to memorize for most? not even close to the same thing, passwords have very low entropy which causes all their problems
A password is literally just:
A secret key or passcode meets that definition 🤦 You’re most definitely on poor standing here.
A very long password that no one can remember (ie. A key) is still a password. Also are you unaware of the existence of password managers and random password generation…?