Cyber Security Today, Jan. 5, 2023 – 23andMe blames poor user password practices for a data breach

23andMe blames poor user password practices for a data breach.

Welcome to Cyber Security Today. It’s Friday, January 5th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Who’s at fault for the recent huge data breach at the genetic testing service 23andMe? Users and their poor password practices, says the company. That’s according to a news story on TechCrunch. The company is writing to people, saying that some customers “negligently recycled and failed to update their passwords,” which led to the data breach. The company denies the attack was the result of 23andMe failing to maintain reasonable security measures. According to the news story, before the data theft the use of multifactor authentication for login protection was optional. Now it’s mandatory. Hackers were able to access the accounts of about 14,000 people by brute-forcing logins with a list of stolen usernames and passwords from other sites. Those accounts held personal information of linked relatives, so the total number of victims added up to 6.9 million people.

In a commentary, Ken Westin, field CISO of Panther Labs, said blaming victims for a data breach isn’t fair. On the other hand, other IT experts say subscribers to any service have to take some responsibility for their password practices.

Users of the LastPass password manager can’t get away with short master passwords any more. According to Bleeping Computer, the company says subscribers now have to create master passwords of at least 12 characters. Since April that’s been the rule for new users or those resetting their passwords. But older accounts were still able to use short master passwords. As many people say, the longer the better.

Russian hackers were inside the biggest Ukrainian telecom provider for at least seven months before knocking it offline last month. That’s what the head of Ukraine’s cybersecurity agency has told the Reuters news agency. Service to about 24 million users was chopped for days when the attack wiped thousands of the telco’s virtual servers. The official said the incident is a warning to countries around the world that “no one is actually untouchable.”

Canadian mining company Barrick Gold has become the latest business to tell people their data was stolen in the hack of a MOVEit file transfer server. The company notified the Maine Attorney General’s office this week that it is sending letters to over 2,700 victims. It isn’t clear if these are only Americans. Barrick spokespersons didn’t reply to an emailed query for clarification. So far over 2,726 organizations have been victimized directly or indirectly by the hack of MOVEit file transfer systems, resulting in the exposure of data of over 93 million people.

Xerox says some personal information held by its Business Solutions subsidiary was stolen in a recent cyber attack. The incident had no impact on Xerox’s corporate systems, operations or data, the company says.

Finally, Google is expected to soon start publicly testing a version of its web browser that by default deletes third-party cookies. The goal is to improve privacy. According to The Register, an estimated 30 million Chrome users – representing roughly one percent of the user base – will be involved in the test. In the second half of this year a broader phase-out of third-party cookies is expected. Chrome users have been able to opt in to a program of dropping third-party cookies for several months.

Note that because of the holidays there won’t be a Week in Review podcast this afternoon. The show resumes next Friday.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Jan. 5, 2023 – 23andMe blames poor user password practices for a data breach first appeared on IT World Canada.
Howard Solomon, https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
