Cyber Security Today, Jan. 5, 2023 – 23andMe blames poor user password practices for a data breach

23andMe blames poor user password practices for a data breach.

Welcome to Cyber Security Today. It’s Friday, January 5th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Who’s at fault for the recent huge data breach at the genetic testing service 23andMe? Users and their poor password practices, says the company. That’s according to a news story on TechCrunch. The company is writing people that some customers “negligently recycled and failed to update their passwords,” which led to the data breach. The company denies the attack was the result of 23andMe failing to maintain reasonable security measures. According to the news story, before the data theft, the use of multifactor authentication for login protection was optional. Now it’s mandatory. Hackers were able to access the accounts of about 14,000 people by brute-forcing logins with a list of stolen usernames and passwords from other sites. Those accounts held personal information of linked relatives, so the total number of victims added up to 6.9 million people.

In a commentary, Ken Westin, field CISO of Panther Labs, said blaming victims for a data breach isn’t fair. On the other hand, other IT experts say subscribers to any service have to take some responsibility for their password practices.

Users of the LastPass password manager can’t get away with short master passwords any more. According to Bleeping Computer, the company says subscribers now have to create master passwords of at least 12 characters. Since April that’s been the rule for new users or those resetting their passwords. But older accounts were still able to use short master passwords. As many people say, the longer the better.

Russian hackers were inside the biggest Ukrainian telecom provider for at least seven months before knocking it offline last month. That’s what the head of Ukraine’s cybersecurity agency has told the Reuters news agency. Service to about 24 million users was chopped for days when the attack wiped thousands of the telco’s virtual servers. The official said the incident is a warning to countries around the world that “no one is actually untouchable.”

Canadian mining company Barrick Gold has become the latest business to tell people their data was stolen in the hack of a MOVEit file transfer server. The company notified the Maine Attorney General’s office this week that it is sending letters to over 2,700 victims. It isn’t clear if these are only Americans. Barrick spokespersons didn’t reply to an emailed query for clarification. So far over 2,726 organizations have been victimized directly or indirectly by the hack of MOVEit file transfer systems, resulting in the exposure of data of over 93 million people.

Xerox says some personal information held by its Business Solutions subsidiary was stolen in a recent cyber attack. The incident had no impact on Xerox’s corporate systems, operations or data, the company says.

Finally, Google is expected to soon start publicly testing a version of its web browser that by default deletes third-party cookies. The goal is to improve privacy. According to The Register, an estimated 30 million Chrome users – representing roughly one percent of the user base – will be involved in the test. In the second half of this year a broader phase-out of third-party cookies is expected. Chrome users have been able to opt in to a program of dropping third-party cookies for several months.

Note that because of the holidays there won’t be a Week in Review podcast this afternoon. The show resumes next Friday.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
