Checklist 348: 23andMe and You and Everyone We Know
23andMe Faces Ongoing Data Breach as Hackers Leak Millions of User Records
TechCrunch, McAfee, and multiple other sources report on an ongoing data breach at 23andMe, the personal genomics and biotech company, which has seen millions of user records exposed to hackers.
23andMe revealed several weeks ago that hackers had accessed user data, with the breach attributed to credential stuffing, a technique in which attackers try publicly available usernames and passwords from previous breaches to log in to accounts on other services. Investigations by TechCrunch indicate that the breach had been ongoing for months before 23andMe made its public announcement.
On August 11, a hacker on a cybercrime forum advertised a set of 23andMe user data, matching records from the previous breach. Recently, another hacker named “Golem” leaked a new dataset containing records of four million users, adding to the company’s woes. Depending on the user’s 23andMe plan, a range of information, including names, genders, birth years, current locations, genetic ancestry, and health results, might be in the hands of malicious actors.
The breach extends to users who had opted in to the “DNA Relatives” feature. Users connected through this feature might have their information exposed, even if they had strong passwords and 2FA enabled.
The company is currently collaborating with third-party forensic experts and federal law enforcement officials to determine the source of the hack while also keeping users informed about the situation.
23andMe advises users to change their passwords immediately, activate multi-factor authentication, and monitor their identity, credit, and transactions. McAfee emphasizes the importance of considering the information shared online and its potential consequences, highlighting that users have control over their online data.
This ongoing breach serves as a reminder of the risks associated with sharing sensitive genetic and personal information online, prompting users to be vigilant about securing their accounts and the information they disclose.
FTC Warns of Social Media Scam Epidemic: Billions Lost, Younger Generations Most Vulnerable
In a recent report, the Federal Trade Commission (FTC) has issued a stark warning, labeling social media as a fertile ground for scammers to exploit unsuspecting users. The FTC highlights several key concerns regarding how scammers leverage social media to defraud individuals:
- Fake Personas and Hacked Profiles: Scammers can easily create fake personas or hack into users’ profiles to impersonate them and deceive their friends.
- By analyzing users’ social media activity, scammers can tailor their fraudulent schemes to exploit personal information shared on these platforms.
- Scammers using advertisements can employ tools available to advertisers to precisely target victims based on personal details, such as age, interests, or past purchases.
The report underscores the alarming scope of this issue, stating that “one in four people who reported losing money to fraud since 2021 said it started on social media.”
The financial impact of social media scams is colossal, with reported losses surpassing a staggering $2.7 billion, making it the most prolific method for scams. This figure likely underestimates the true extent of the problem, as many frauds go unreported. Contrary to common assumptions that scams mainly target the elderly, the FTC reveals that for individuals aged 18-29, social media was the contact method in over 38% of reported fraud cases. Among those aged 18-19, this figure jumped to 47%, aligning with generational differences in social media usage.
The report indicates that fraudulent purchases marketed on social media account for 44% of all reported fraud losses in the first half of 2023. Meanwhile, fake investment opportunities accounted for the most substantial financial losses.
To combat these scams, the FTC suggests taking proactive measures such as limiting the visibility of your social media posts, using privacy settings, and verifying unusual requests from friends.
- Suspicious Messages: If a friend requests money urgently through cryptocurrency, gift cards, or wire transfers, the FTC advises contacting them directly to verify the request.
- Romance Scams: Be cautious of individuals rushing into a friendship or romance on social media and never send money to someone you haven’t met in person.
- Company Verification: Before making online purchases, conduct a thorough search for the company name along with terms like “scam” or “complaint.”
For additional tips and resources on avoiding scams, the FTC directs users to ftc.gov/scams and encourages reporting scams at ReportFraud.ftc.gov.
The FTC’s warning serves as a wake-up call for social media users, especially the younger generation, to exercise vigilance and implement safeguards to protect themselves from the growing menace of scams on these platforms.
California’s ‘Delete Act’ Gives Hope to Privacy Advocates
California Governor Gavin Newsom has signed the Delete Act, a bill aimed at bolstering privacy by making it easier for residents to remove their personal data from the clutches of data brokers. The law, officially known as SB 362, was introduced in April 2023, granting Californians the right to have their data deleted without the need to approach individual companies.
The Delete Act shifts the responsibility to data brokers, mandating them to register with the California Privacy Protection Agency (CPPA). This law also requires the CPPA to create a simple and free process for Californians to request data deletion from all state data brokers through a single platform. Non-compliance with these regulations will result in fines and penalties.
Notably, advertising companies and data brokers have voiced concerns similar to those expressed during the rollout of Apple’s App Tracking Transparency rules in 2021. They argue that the Delete Act could undermine their industry as they purchase and sell consumer data, including location, addresses, and online activities. They claim that smaller businesses will lose a vital means to reach potential customers and consumers will have reduced exposure to new products and services.
This issue goes beyond commercial interests, as civil liberties and privacy advocates have long called for stricter regulations surrounding the data broker industry. They raise concerns about the lack of transparency in the sale and sharing of consumer data and the potential for law enforcement to obtain personal information without the need for subpoenas or warrants. The law will take effect by 2026.
For some experts, including Rob Shavell, CEO of DeleteMe, a company that assists people in removing their personal information from data brokers, the law may not go far enough. They express concerns about companies that are exempted from the bill but that they consider to be data brokers.