Notices by ret2bed is hacking web apps :verified: (ret2bed@infosec.exchange)

@feld @jomo @lorenzofb what do you mean? It states that your ancestry reports as well as additional information "including genetic variants related to health" are shared with genetic relatives if you enable the related feature.

How even the most basic ancestry information can be used in the wrong hands is not that hard to imagine.

https://www.wired.com/story/23andme-credential-stuffing-data-stolen/

And I would think the fact that it states only genetic relatives receive this kind of data would be enough to reassure users that the data was reasonably safe.

Again imo access to that feature should have been restricted to user accounts with a certain minimum level of security, including 2FA.

@feld @jomo @lorenzofb I disagree. Maybe if the data of the affected user was the only data available when logging into an account but they have broken into a bunch of accounts and then stole further data from genetic matches iirc.

Not preventing that kind of data theft when one of the parties did not have 2fa enabled is hardly the fault of the user but completely on the platform. This should not have been possible for accounts that don't have basic 2FA enabled.

@TechConnectify I've long been complaining about the missing creativity of hackers these days. Everything is now a crypto scam. Why can't we have nice defacements and the occasional Max Headroom incident anymore?