GREENGROUND

Image: The Verge

Heavyweight, one of Gimlet’s flagship shows and a favorite among people in the industry, has been cancelled by Spotify. After the show finishes its current season, the team that makes Heavyweight will be laid off, a person familiar with the situation told The Verge.
“We are extremely proud of the team who has supported these talented storytellers across each of the incredible episodes of Heavyweight,” Spotify spokesperson Rosa Oh said in a statement to The Verge. “We are excited to share the upcoming episodes and season that will be available on Spotify and other podcast platforms, and we will work with the show creator to ensure a smooth transition for wherever the series goes next.”
The cancellation comes as Spotify executes a layoff of 17 percent of its staff and carries out a very different podcasting strategy than it started with. In 2019, Spotify paid $230 million to acquire Gimlet, which at the time was the buzziest independent podcast operation in the business. But the studio failed to produce the kind of hit shows that Spotify was looking for and lost its biggest hit, Reply All, after co-host PJ Vogt and producer Sruthi Pinnamaneni were accused of fostering a discriminatory environment. Over the next year, Gimlet’s programming and staff were whittled down to a fraction of what it had started with and the studio was folded into Spotify Originals. Meanwhile, Spotify moved away from prestigious, narrative podcasts in favor of personality-driven chat shows like Joe Rogan Experience and Call Her Daddy.
Stolen, another show from Gimlet that has earned acclaim (and a a Pulitzer Prize, to boot), has also been cancelled, according to Bloomberg. The show will also finish out its current season. Both shows may have the opportunity to be shopped elsewhere after their runs end.

Image: Getty

23andMe confirmed that a recent breach leaked data belonging to 6.9 million users. In an emailed statement to The Verge, company spokesperson Andy Kill says the breach affected around 5.5 million users who had DNA Relatives enabled, a feature that matches users with similar genetic makeups, while an additional 1.4 million people had their family tree profiles accessed.
In a filing with the Securities and Exchange Commission (SEC) and update to its blog post late on December 1st, 23andMe said a threat actor using a credential stuffing attack — logging in with account info obtained in other security breaches, usually due to password reuse — directly accessed 0.1 percent of user accounts, making up around 14,000 users. With access to those accounts, the attackers used the DNA Relatives feature, which matches people with other members they may share ancestry with, to access the additional information from millions of other profiles.
“We still do not have any indication that there has been a data security incident within our systems”
Its Friday statement noted the hacker also accessed “a significant number of files” via the Relatives feature but didn’t include the figure stated above.
Kill tells The Verge, “We still do not have any indication that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks.” This statement is at odds with the fact that information from 6.9 million users is now in the hands of attackers. The overwhelming majority of those people are affected because they opted into a feature provided by 23andMe, which failed to prevent the breach by either limiting access to the information or requiring additional account security.
The first public signs of trouble appeared in October when 23andMe confirmed user information was up for sale on the dark web. The genetic testing site later said it was investigating a hacker’s claims that they leaked 4 million genetic profiles from people in Great Britain and “the wealthiest people living in the U.S. and Western Europe.”
The 5.5 million DNA Relatives profiles leaked included users who weren’t a part of the initial credential stuffing attack. The data revealed includes things like display names, predicted relationships with others, the amount of DNA users share with matches, ancestry reports, self-reported locations, ancestor birth locations, family names, profile pictures, and more.
The remaining 1.4 million users who also participated in the DNA Relatives feature had their family tree profiles accessed. This feature similarly includes display names, relationship labels, birth year, and self-reported locations. It doesn’t include the percentage of DNA shared with potential relatives on the site or matching DNA segments.
23andMe says it’s still in the process of notifying users affected by the breach. It has also started warning users to reset their passwords and now requires two-step verification for new and existing users, which previously was optional.

Further validating how brittle the security of generative AI models and their platforms are, Lasso Security helped Hugging Face dodge a potentially devastating attack by discovering that 1,681 API tokens were at risk of being compromised. The tokens were discovered by Lasso researchers who recently scanned GitHub and Hugging Face repositories and performed in-depth research