A company spokesperson said the hackers gained access to some customer accounts through reused passwords.

Genetic testing company 23andMe said Monday that hackers were able to access the data of about 6.9 million people, far more than the company previously acknowledged.

The finding is the result of an investigation 23andMe launched in October, after at least one list of people whom the site identified as having Ashkenazi Jewish ancestry was posted online.

  • Danny M@lemmy.escapebigtech.info
    42·
    11 months ago

    because I’m pretty sure they need some of that data to be unencryped; records of related customers can improve accuracy drastically

    I don’t even think this should be a feature, but, if it has to, then they can have two versions of it, one that they use for training and improving the results and a user can only access their data from a frontend by decryping it (locally) with their key

    also this “hack” was done by just abusing built-in features (“dna relatives” system), not actually breaking any security.

    irrelevant. if you had a key pair no amount of password guessing would get them there