https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

The threat actor accessed a small number of 23andMe accounts and then scraped the data of their DNA Relative matches, which shows how opting into a feature can have unexpected privacy consequences.

• Usernames Profile Photos DoB

They can be linked to other online accounts. This allows for phishing, potentially scamming or getting additonal information on them which can lead to more sophisticated/personalised scams. Older, less tech savvy users are better targets for scammers.

• Username Sex DoB Genetic Ancestry Location data

Data aggregators can sell this info to Health Insurance Companies or any other system who can then discriminate based on genes sex age or location

• All of this information

Can contribute to people committing fraud with their information if they collect enough information from different sources.

• DNA relatives

Having enough information about a user to use it to target their now known relatives in personalised scams.

The people that did this probably didn’t know what information they were going to get, maybe they were hoping for payment info, and settled for trying to just sell what they got.

Any information, no matter how useless it might seem, is better than no information and enough useless information in the wrong hands can be very valuable.

Theres countless data breaches every year and people will collect it all and link different accounts from different breaches until they have enough information. Most people use the same email address for every website and a lot of people reuse the same passwords, which is how this data leak occurred. Knowing that these users reuse the same email/password combination here means theres a very good chance they’ve reused it elsewhere.

You can check out what data breeches have occured and if your email or password has been posted in any of these dumps here https://haveibeenpwned.com/

Once the information is out there, its out there for good and what might seem trivial now to you could be valuable tomorrow to someone else

I see the Extend part of Embrace Extend Extinguish is about to start…

https://www.washingtonpost.com/technology/2020/10/07/apple-geep-iphone-recycle-shred/ and they’ll sue you if you try to stop them from making more E-waste! https://youtu.be/rZjbNWgsDt8

The issue with this is the difference between GB (1,000,000,000 bytes) and GiB (1,073,741,824 bytes) https://massive.io/file-transfer/gb-vs-gib-whats-the-difference/

HDD manufacturers use GB, which is a metric measurement, because its better for marketing while computers use GiB, which is a binary measurement. So people think they’re buying 15GiB but in reality they’re buying 13.5GiB marketed as 15GB