Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ret2bed/statuses/111694081962312481">ret2bed is hacking web apps :verified: (ret2bed@infosec.exchange)'s status on Thursday, 04-Jan-2024 06:24:01 JST</a><a href="https://infosec.exchange/@ret2bed" title="ret2bed@infosec.exchange"><img src="https://gnusocial.jp/avatar/109227-48-20230323133823.webp" width="48" height="48" alt="ret2bed is hacking web apps :verified:" style="position: absolute; left: 0; top: 0;">ret2bed is hacking web apps :verified:</a><div><a href="https://bikeshed.party/objects/ee0f7af9-4228-4f21-acdf-0836f80797c7" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/10721" title="jomo@mstdn.io">jomo</a></li><li><a href="https://gnusocial.jp/user/107000" title="lorenzofb@infosec.exchange">Lorenzo Franceschi-Bicchierai</a></li></ul></div></section><article><p><a href="https://bikeshed.party/users/feld">@feld</a> <a href="https://mstdn.io/@jomo">@jomo</a> <a href="https://infosec.exchange/@lorenzofb">@lorenzofb</a> what do you mean? It states that your ancestry reports as well as additional information "including genetic variants related to health" are shared with genetic relatives if you enable the related feature.</p><p>How even the most basic ancestry information can be used in the wrong hands is not that hard to imagine.</p><p><a href="https://www.wired.com/story/23andme-credential-stuffing-data-stolen/" rel="nofollow noreferrer">https://www.wired.com/story/23andme-credential-stuffing-data-stolen/</a> </p><p>And I would think the fact that it states only genetic relatives receive this kind of data would be enough to reassure users that the data was reasonably safe. </p><p>Again imo access to that feature should have been restricted to user accounts with a certain minimum level of security, including 2FA.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2537914#notice-5024575">In conversation</a><time datetime="2024-01-04T06:24:01+09:00" title="Thursday, 04-Jan-2024 06:24:01 JST">Thursday, 04-Jan-2024 06:24:01 JST</time> <span>from <span><a href="https://infosec.exchange/@ret2bed/111694081962312481" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@ret2bed/111694081962312481">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
ret2bed is hacking web apps :verified: (ret2bed@infosec.exchange)'s status on Thursday, 04-Jan-2024 06:24:01 JSTret2bed is hacking web apps :verified:
in reply to
@feld @jomo @lorenzofb what do you mean? It states that your ancestry reports as well as additional information "including genetic variants related to health" are shared with genetic relatives if you enable the related feature.
How even the most basic ancestry information can be used in the wrong hands is not that hard to imagine.
https://www.wired.com/story/23andme-credential-stuffing-data-stolen/
And I would think the fact that it states only genetic relatives receive this kind of data would be enough to reassure users that the data was reasonably safe.
Again imo access to that feature should have been restricted to user accounts with a certain minimum level of security, including 2FA.
In conversationThursday, 04-Jan-2024 06:24:01 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice