23andMe Blames Users for Recent Data Breach as It’s Hit With Dozens of Lawsuits::Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

  • automattable@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    11 months ago

    I get asked to prove I’m making a legit login attempt all the time because it’s from a new IP address. 23andMe could have implemented something similar, and given the sensitive nature of the data they host and given how we all know that people can’t be trusted to have good password hygiene, I think they should have been required to do so.

    IMO this whole thing is just more proof that we need better regulation around how companies treat users’ private information.

    • Snot Flickerman
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      11 months ago

      I think they should have been required to do so.

      Did you miss the part where our government can’t even pass a budget, but you’re expecting them to pass laws like this?

      Also, IP spoofing exists and is relatively easy.

      • bamboo
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        You can’t spoof your IP address because of the TCP handshake. You could proxy your traffic to appear from coming from a different IP address than from the computers making the requests. This would still be identified as suspicious because the proxy IP address would differ from an IP address a user had logged in from before.

        Even if the “hackers” knew every user’s IP address, they would not be able to establish a connection with it appearing from an IP address that didn’t really initiate the traffic.