Cyberview #3: Genetic data leak, cyberattack hits Clorox, and wearable AI
Éanna Motherway
October 30, 2023
Table of contents
Welcome back to another episode of Cyberview! Learn about developments in the world of tech and cybersecurity with Gerald Kasulis, Frida Kreitzer, and Carlos Salas. \n\nIn this episode, the Cyberview team takes a look at some worrying data leaks at genetics testing giant 23andMe and a major cyberattack at Clorox that looks a lot like the ransomware-fueled casino shutdowns covered in. We’re also looking at the privacy implications of wearable AI, now majorly in the focus of industry heavy-hitters like Meta, OpenAI, and RayBan.
Genetic data leak, 23andMe point to credential stuffing
Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.
The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.
The Bleach Breach: Clorox revenue and supply chain hit
Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.
The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.
Wearable AI: Trendy or just trending?
Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.
Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.
The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.
Stay tuned for the next episode of Cyberview.