this post was submitted on 07 Jan 2024
205 points (96.0% liked)

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits::Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

[–] Shdwdrgn@mander.xyz 4 points 8 months ago (1 children)

Perhaps a better question would be to ask why they are allowing 14k separate logins from (what was probably) the same IP address? If you ask any big email provider, they will tell you they immediately shut down any access from that IP due to suspicious behavior, while simultaneously resetting the passwords of all the accounts that appear to be compromised. Typically you should have records of the IPs used for previous logins so it's fairly simple to compare records having suspicious activity and see if the accounts in question had any previous relationships with each other. And once you have that information on hand you can use it to monitor the compromised accounts for any further login attempts by unknown IPs and then block THOSE addresses as well.

When you have that many active user accounts, you do not just settle for simply accepting the correct credentials.

[–] SnotFlickerman@lemmy.blahaj.zone 0 points 8 months ago (1 children)

You are aware that IP spoofing exists? It's not impossible for the hacker to have appeared to have been connecting from many different connections.

[–] Shdwdrgn@mander.xyz 4 points 8 months ago

Yes I am, as I'm sure you are aware that IP spoofing is pretty much only relevant where you are sending outgoing packets (like in a DDoS attack) and do not expect to receive any information back. If you need two-way communication over TCP, spoofing doesn't work because the returned information naturally gets routed back to the host of the real IP and not to the spoofed address. Obviously these attackers received some information back.
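
The check described in the first comment of this thread, as an added example that is not part of the original thread or any participant's code: it flags a source IP that logs into many accounts with no prior history of that IP, then lists other unfamiliar IPs seen on those same accounts. The login records, the threshold and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (addresses from the RFC 5737 documentation ranges).
HISTORY = {  # IPs each account has successfully logged in from before
    "alice": {"198.51.100.10"},
    "bob": {"198.51.100.20"},
    "carol": {"198.51.100.30"},
    "dave": {"198.51.100.40", "203.0.113.7"},
}
LOGINS = [  # (account, source IP) for recent successful logins
    ("alice", "203.0.113.7"),
    ("bob", "203.0.113.7"),
    ("carol", "203.0.113.7"),
    ("dave", "203.0.113.7"),    # dave has used this IP before: not counted
    ("alice", "198.51.100.10"),  # alice's usual IP: not counted
    ("bob", "192.0.2.55"),      # unfamiliar IP on an account flagged below
]

def new_ip_logins(logins, history):
    """Map each source IP to the accounts it logged into with no prior history."""
    by_ip = defaultdict(set)
    for account, ip in logins:
        if ip not in history.get(account, set()):
            by_ip[ip].add(account)
    return by_ip

def find_suspect_ips(logins, history, threshold):
    """IPs that logged into at least `threshold` accounts that never used them."""
    return {ip: accts for ip, accts in new_ip_logins(logins, history).items()
            if len(accts) >= threshold}

def follow_up_ips(logins, history, suspects):
    """Other unfamiliar IPs seen on accounts already tied to a suspect IP."""
    compromised = set().union(*suspects.values())
    extra = {}
    for ip, accts in new_ip_logins(logins, history).items():
        overlap = accts & compromised
        if ip not in suspects and overlap:
            extra[ip] = overlap
    return extra

if __name__ == "__main__":
    suspects = find_suspect_ips(LOGINS, HISTORY, threshold=3)
    for ip, accts in suspects.items():
        print(f"block {ip}; reset passwords for {sorted(accts)}")
    for ip, accts in follow_up_ips(LOGINS, HISTORY, suspects).items():
        print(f"review {ip}; also seen on flagged accounts {sorted(accts)}")
```
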