23 and Me and Everybody Else (1)

Protecting yourself from data breaches

Dear Readers,

Your DNA can be hacked now. 23andMe has been in the news lately after being sued repeatedly for a data breach that took place last year. I wanted to talk about tips to help avoid being a victim of these breaches.

Last week we discussed the importance of updating your devices. We also shared links to find the latest updates for your device of choice. Check it out if you missed it.

What happened?

Credential stuffing is what happened. Digital misfits collected usernames and passwords from all the other data breaches that have occurred in the past. They took those credentials and entered them into other websites and digital services. This works because we have a tendency to use the same passwords and usernames for multiple accounts, meaning that if you can get into one, you can get into more.

Who should be concerned?

You should be slightly concerned if you used the same password and username for more than one account, especially if one of those accounts was at 23andMe. In fact, 23andMe has claimed that it is the users' fault that their accounts were hacked because they didn't change their credentials after they were exposed in prior breaches. Let's think about that. 23andMe is saying that if your login credentials were leaked by Equifax in 2017 (or anyone else) and the attacker used those credentials to illegally access your account in 2023, then it is your fault.

“users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” -23andMe

What can you do?

At The Help Desk we use a few simple rules to prevent attacks and protect ourselves. Let’s look at the components of this attack and highlight rules that could have helped:

‘Digital misfits collect usernames and passwords from all the other DATA BREACHES that have occurred in the past.’

Our rule is to always use unique passwords and usernames for each account. If you're concerned about keeping up with all of your unique passwords, we also have a rule about always using a password manager. Hint: the iPhone has a great one built in!!
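To see how far a single leaked password reaches, here is an added example (not part of the original newsletter) that audits a password manager export for reuse. The CSV layout, site names and passwords are constructed for illustration; real exports use their own column names.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample in a hypothetical export layout (site, username, password).
# Real password managers use their own column names; adjust the keys below.
SAMPLE_EXPORT = """site,username,password
23andme.com,pat@example.com,Summer2017!
oldforum.example,pat@example.com,Summer2017!
bank.example,pat.lee,x9#Tq2!vLm04
shop.example,pat@example.com,summer2017!
mail.example,pat@example.com,Summer2017!
"""

def fingerprint(password: str) -> str:
    """Hash used for grouping, so the report never shows the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def find_reuse(export_text: str) -> dict:
    """Map password fingerprint -> sorted list of sites sharing that exact password."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"]:  # skip entries with no stored password
            groups[fingerprint(row["password"])].append(row["site"])
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}

def exposed_by(breached_site: str, export_text: str) -> list:
    """Other accounts that share the password stored for breached_site."""
    for sites in find_reuse(export_text).values():
        if breached_site in sites:
            return [s for s in sites if s != breached_site]
    return []  # unique password: a leak there opens nothing else

if __name__ == "__main__":
    for fp, sites in find_reuse(SAMPLE_EXPORT).items():
        print(f"password {fp[:8]} is shared by: {', '.join(sites)}")
    leaked = "oldforum.example"
    print(f"a leak at {leaked} also exposes:", exposed_by(leaked, SAMPLE_EXPORT))
```

Every site listed in a shared group needs its own new password; the account with the unique password is unaffected by a leak anywhere else.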

‘Then they take those credentials and enter them into other websites and digital services.’

Our rule is to always use multi-factor authentication (MFA). Something you know and something you have is the general guideline. The most common example of MFA is that after you log in, you are required to verify a code sent to your mobile device. The password is something you know; the code comes from something you have (your device).

What does it all mean?

Your personal data is not safe anywhere. Worse still, 23andMe has set a new precedent by blaming its own faults on its customers. You are on your own to protect your information and prevent being a victim. Apparently the stakes are even higher because attackers don't just want your money and passwords; they also want your DNA.

Next Tuesday we will talk about email and email security.

Stay informed,

The Help Desk
