Hacker Reacts to 23andme Data Leak


=[ 📄 Info. ]=


Support LiveOverflow:

=[ 🐕 Social ]=

Chapters:
00:00 - Intro
00:50 - 23andme Data Theft
03:44 - 23andme responsibilities?
05:33 - Facebook Cambridge Analytica
06:40 - Compromised Accounts Paper
07:44 - Personal Responsibility
10:54 - Outro

=[ 📄 P.S. ]=

Hack the Planet!
Comments

23andMe has a feature where we can find our relatives? Do they have a feature that does the opposite? It would be great to be warned whenever a relative is within a certain mile radius so I can get away as fast as possible.

rumplstiltztinkerstein

I'm all for people taking responsibility, but in this case people that were doing everything right got breached because of other people that didn't. And I think it was 23andme's responsibility to make sure this couldn't happen, for example by *requiring* 2FA before you can opt-in for the "find my relatives" feature. We know for a fact that there are people that will reuse passwords and not use 2FA. While you can't protect these persons, you should at least make sure they won't put others at risk.

eaad

Back in primary school they claimed that we needed a kind of bike pass to bike to school alone, and we got one after proving that we knew how to bike safely in the 4th grade.
They couldn't really enforce it, and I found it stupid at the time, but now, I think it was more useful to have it be like that.
So, yeah, I agree with you, there should be some kind of drivers license for the internet.
If not just a course in cyber security/OPSec that everyone has to take.

mrt_

23andme could have done more - require 2FA for people who opt in to access other people’s genetics; rate limit and geovalidation as you say

Furthermore why isn’t 2FA mandatory for anything with medical sensitive information? IMO 23andme should require multi factor login because of the nature of their product

lawrencejob

The fundamental idea of a publicly available service which you put an abundance of sensitive information into is inherently insecure by default. Many security professionals argue against similar digitization (e.g. NHS records in the UK) for the same reason.

parstrm

Many Discord servers require 2FA for mods, because with that role you might endanger others. Probably would have been a good idea to require 2FA for features like the relative search.

PhrNoBr

THANK YOU for this take. It's so frustrating to see so many people not even read the article on this.

ndm

I don’t quite understand why such a sensitive platform wouldn’t enforce 2-factor authentication, which is now state of the art. Hard to blame it all on the users when there are technical measures they failed to implement.

minifreddusch

just going by the math, the people doing credential stuffing at 23andme had to test at least 5 MILLION passwords

Given the sensitivity of this data tho, people will probably have used the strongest of their often reused passwords, meaning it was likely a lot more than 5 million (2x), which really brings into question whether 23andme fucked up rate-limiting.

Facebook and WhatsApp fucked up rate-limiting, so it's not unlikely a small biotech *grift* like 23andme wouldn't have the same shitty security practices.

yeetyeet

Passkeys help. Basically automated password managers built into everything and instead of a page asking you to make a password it automatically creates an entry in the database on your system and it's random every time

casperes

Oh, and about not expecting the car manufacturer to stop you from driving off a cliff...

Tesla: Hold My Kombucha!

ruinedbectorem

Yes, 100%. Thank you for spreading the word!

InfiniteQuest

I'm forcing my family to use a password manager for this exact reason. My younger siblings don't really care about security (the "i have nothing to hide" argument) and my parents... well they're now using a password manager, so issue solved :)

christophschneider

In general I understand your point, but the security is many times not high enough to prevent such trivial attacks. Just using rate limiting of 1 second per login attempt would add seconds or 57 days and some hours. It would have taken nearly 2 months longer to gather all this data, and this is just the number of successful logins.

I see 23andme at fault.

Play_it
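The two comments above on credential stuffing (the "at least 5 million passwords" estimate and the "1 second per login attempt would add 57 days" arithmetic) can be made concrete. The following is an added example written for this page; it is not code from the video, from LiveOverflow, or from 23andMe, and 23andMe's real login thresholds are not stated anywhere on this page. It replays a constructed set of login attempts through a sliding-window limiter keyed on both the source IP and the target account, and computes how long a stuffing run of N attempts takes once attempts are serialized at one per second. The IP addresses, usernames, window sizes and attack volume are all made up for illustration.

```python
"""Sliding-window login rate limiting against a constructed credential-stuffing run.

Added example, not from the original page. All thresholds, IPs and users
are hypothetical; real production limits would be tuned to observed traffic.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: float   # seconds since an arbitrary epoch
    ip: str     # source address of the login request
    user: str   # account the password was tried against
    ok: bool    # whether the submitted password was correct


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within the trailing `window_s` seconds."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self._events: dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, ts: float) -> bool:
        q = self._events[key]
        # Drop timestamps that have fallen out of the trailing window.
        while q and ts - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def filter_attempts(attempts, ip_limit=(20, 60.0), user_limit=(5, 900.0)):
    """Replay attempts in time order; an attempt is only served if both the
    per-IP bucket and the per-account bucket have room.

    Keying on the account as well as the IP matters: a stuffing campaign
    spread across many proxies shows one or two attempts per IP, but a
    password-spray against one account still trips the account bucket.
    Returns (successful_logins_served, attempts_blocked, ips_that_hit_a_limit).
    """
    by_ip = SlidingWindowLimiter(*ip_limit)
    by_user = SlidingWindowLimiter(*user_limit)
    served_ok, blocked, blocked_ips = 0, 0, set()
    for a in sorted(attempts, key=lambda a: a.ts):
        if not by_ip.allow(a.ip, a.ts) or not by_user.allow(a.user, a.ts):
            blocked += 1
            blocked_ips.add(a.ip)
            continue
        if a.ok:
            served_ok += 1
    return served_ok, blocked, blocked_ips


def serialized_run_days(n_attempts: int, seconds_per_attempt: float = 1.0) -> float:
    """Wall-clock days a stuffing run needs if every attempt costs a fixed delay.
    5,000,000 attempts at 1 s each is about 57.9 days, the figure quoted above."""
    return n_attempts * seconds_per_attempt / 86400.0


# Constructed traffic (hypothetical): one attacker IP tries 200 stolen
# credential pairs against 200 different accounts in 50 seconds, and 1 in 50
# of the reused passwords still works. Two ordinary users log in alongside it.
SAMPLE_ATTEMPTS = [
    Attempt(ts=i * 0.25, ip="203.0.113.7", user=f"victim{i:03d}", ok=(i % 50 == 0))
    for i in range(200)
] + [
    Attempt(10.0, "198.51.100.5", "alice", False),   # typo on first try
    Attempt(12.0, "198.51.100.5", "alice", True),
    Attempt(30.0, "192.0.2.9", "bob", True),
]


if __name__ == "__main__":
    unlimited = sum(a.ok for a in SAMPLE_ATTEMPTS)
    served, blocked, ips = filter_attempts(SAMPLE_ATTEMPTS)
    print(f"successful logins without limiting: {unlimited}")
    print(f"successful logins with limiting:    {served} ({blocked} attempts blocked from {sorted(ips)})")
    print(f"5,000,000 attempts at 1/s: {serialized_run_days(5_000_000):.1f} days")
```

With these constructed numbers the attacker gets 4 account takeovers unthrottled but only 1 once the per-IP bucket fills after 20 attempts, while alice's and bob's logins are untouched. A per-IP limit alone is cheap to evade with a proxy pool, which is why the example also keys on the target account and why the commenters above argue for mandatory 2FA on anything that exposes other people's data.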

Hmmm… Why does this remind me of the Füllerführerschein I made in elementary school? XD

Lampe

hey, can you please do a video on binarly's logofail uefi vulnerability

sudo

Could you create a YouTube video discussing the platform's guidelines on ethical hacking, including key dos and don'ts, and share your insights from past experiences with strikes? I faced a channel strike after posting a malware analysis video and would appreciate your expertise on navigating these rules.

drewalleman

imagine being in the convenience store buying a phone, and the clerk asks for your internet passport :D

jonathan-._.-

well said. as we know, credential stuffing doesn't just affect the one user. critical infrastructure gets targeted and breached with reused passwords all the damn time.
I will say that expecting adults to act like adults is extremely wishful thinking.

tqotbel

Thanks for saying what we are thinking.

ruinedbectorem