User data stolen from genetic testing giant 23andMe is now for sale on the dark web::User data from 23andMe accounts has been leaked and put up for sale on a dark web forum after what appeared to be a "credential stuffing" cyberattack.

  • huginn@feddit.it
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    1 year ago

    If you think that IP blocking stops credential stuffing you really are out of your depth.

    Would it stop this guy if he was some skid just running Kali? Absolutely.

    But it ain't going to stop anyone more determined. Especially since you're going to let those blocks expire to avoid blocking legitimate customers. A patient opposition with minimal resources will get by that kind of naive approach.

    Not only that but you have 0 evidence they didn't IP block. They absolutely could have standard protocols in place but anything short of 2fa is inherently vulnerable.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      6
      ·
      1 year ago

      If you want to move goalposts… Then fine. But I won't engage in that bullshit.

      It IS trivial to implement. It is literally a non-zero thing they could have implemented but chose not to. That's all I've claimed.

      Go strawman someone else.

      If you think that IP blocking stops credential stuffing you really are out of your depth.

      You can slow it way the fuck down though if you do it right. But nah, I'm out of my depth supposedly. You sound like a fucking tool.

      • akrot@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        I think what he was trying to say, implementing those strategies would deter 90% of rookies (using kali toolkit as a service), but not the 10% who got the right technical knowledge and enough motivation to clamp down on what they want.