The 23andMe user data leak could be far worse than expected

As the Israel-Hamas war intensifies day by day, many people are desperately searching for accurate information about the conflict. It has proven difficult to obtain. This has been most evident on Elon Musk’s
Case in point: An explosion at a hospital in Gaza on Tuesday was followed by a wave of misinformation and disinformation surrounding the cause. In the hours after the blast, Hamas blamed Israel, Israel blamed militants in Gaza, mainstream media repeated both sides’ claims without any confirmation, and people posing as open-source intelligence experts put out dubious analysis. The result was a toxic mix of information that made it harder than ever to figure out what was real.
On Thursday, the U.S. Treasury Department proposed plans to treat foreign-based cryptocurrency “mixers” (services that obscure who owns which particular coins) as suspected money laundering operations, citing as justification crypto donations to Hamas and Palestinian Islamic Jihad, a Gaza Strip-based militant group with ties to Hamas that blames Israel for the hospital explosion. Although these types of groups use mixers, experts say they are far less likely to do so than criminal groups with ties to North Korea and Russia, which are likely the real targets of the Treasury Department’s proposed crackdown.
In Myanmar, where a military junta has been in power for two years, people who speak out on social media against deadly air strikes are being systematically pressured on pro-junta Telegram channels. Some were later tracked down and arrested.
Finally, the online ecosystem of AI-generated deepfake pornography is quickly spiraling out of control. The number of websites specializing in and hosting these fake, non-consensual images and videos has increased significantly in recent years. With the advent of generative AI tools, creating these images is quick and dangerously easy. And finding them is trivial, researchers say. All you need to do is a quick Google or Bing search and this invasive content is just a click away.
That’s not all. Every week we summarize the security and data protection topics that we haven’t reported on in detail ourselves. Click on the headlines to read the full stories and stay safe out there.
The recent theft of user data from genetic testing giant 23andMe may be more extensive than previously thought. On October 6, the company confirmed that a large amount of user data had been stolen from its website, including names, birth years and general descriptions of genetic data. The data affected hundreds of thousands of users of Chinese descent and primarily targeted Ashkenazi Jews. This week, a hacker who claims to have stolen the data put millions more records up for sale on the BreachForums platform, TechCrunch reports. This time, the hacker claimed, the records involved people from the UK, including “the richest people living in the US and Western Europe on this list.” A 23andMe spokesperson tells The Verge that the company is “currently reviewing the data to determine whether it is legitimate.”
According to 23andMe, there was no attack on the company’s systems. Instead, it said the data theft likely resulted from people reusing passwords on their 23andMe accounts that had been exposed in previous breaches and were then used to access those accounts. If you need motivation to stop recycling passwords, this is it.
The U.S. Justice Department said Wednesday it uncovered a vast network of IT workers who collected paychecks from U.S.-based companies and then sent that money to North Korea. The freelance IT workers are accused of sending millions of dollars to Pyongyang, which used the funds to build its ballistic missile program. While the workers allegedly claimed to live and work in the United States, they often lived and worked in China and Russia and took steps to conceal their true identities, according to the DOJ. According to an FBI official involved in the case, it is “more than likely” that a freelance IT worker hired by a U.S. company was part of the conspiracy.
Searching online may have gotten a little more dangerous. On Monday, the Colorado Supreme Court upheld police use of a so-called keyword search warrant. With these types of search warrants, law enforcement requires companies like Google to release the identities of everyone who searched for specific information. This is the opposite of how traditional search warrants work, where police officers identify a suspect and then use search warrants to obtain information about them.
Keyword search warrants have long been criticized as “fishing expeditions” that violate the U.S. Constitution’s Fourth Amendment right against unreasonable searches and seizures, because they may reveal to police information about innocent people who searched for a particular term but were not involved in a related crime.