• @surewhynotlem@lemmy.world
    3 · 10 months ago

    That’s only after they broke in.

    So to be clear: the attackers logged into people’s accounts, using those people’s passwords that they stole from other sites, and then got access to those people’s data and the data shared with those people.

    I don’t see how any of this is a hack. If you gave me your login and password, then I would be able to do the same thing. Is that hacking?

    • @boatswain@infosec.pub
      5 · 10 months ago

      The “unauthorized access” portion is what makes it a hack. It’s not a super technical hack, but it’s a hack.

    • @thedirtyknapkin@lemmy.world
      4 · 10 months ago

      the hack was when they got the username and password. this is just the extended consequences because people use the same password for everything.

      • @surewhynotlem@lemmy.world
        2 · 10 months ago

        That is correct. But they didn’t get that from 23andMe. They got the username and password from other sites that were hacked, and the affected users were those that had the same password on 23andMe. This is not a 23andMe security issue.

        • @thedirtyknapkin@lemmy.world
          2 · 10 months ago

          that’s kind of fair, but part of the point is that they didn’t even need to access the accounts of people that were compromised. they just needed to access someone who was related to them to access their genetic info.