this post was submitted on 07 Jan 2024
205 points (96.0% liked)

Technology

60009 readers
3602 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits::Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

you are viewing a single comment's thread
view the rest of the comments
[–] automattable 9 points 11 months ago (1 children)

I get asked to prove I’m making a legit login attempt all the time because it’s from a new IP address. 23andMe could have implemented something similar, and given the sensitive nature of the data they host and given how we all know that people can’t be trusted to have good password hygiene, I think they should have been required to do so.

IMO this whole thing is just more proof that we need better regulation around how companies treat users’ private information.

[–] [email protected] -4 points 11 months ago* (last edited 11 months ago) (1 children)

I think they should have been required to do so.

Did you miss the part where our government can't even pass a budget, but you're expecting them to pass laws like this?

Also, IP spoofing exists and is relatively easy.

[–] [email protected] 5 points 11 months ago

You can't spoof your IP address because of the TCP handshake. You could proxy your traffic to appear from coming from a different IP address than from the computers making the requests. This would still be identified as suspicious because the proxy IP address would differ from an IP address a user had logged in from before.

Even if the "hackers" knew every user's IP address, they would not be able to establish a connection with it appearing from an IP address that didn't really initiate the traffic.