this post was submitted on 03 Jan 2024
825 points (94.4% liked)

Technology

69491 readers
4075 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
825
23andMe tells victims it's their fault that their data was breached | TechCrunch (techcrunch.com)
submitted 1 year ago by Eezyville@sh.itjust.works to c/technology@lemmy.world
272 comments fedilink hide all child comments
 

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

you are viewing a single comment's thread
view the rest of the comments
[–] elscallr@lemmy.world 34 points 1 year ago (2 children)

Reusing credentials is their fault. Sure, 23&me should've done better, but someone was likely to get fucked, and if you're using the same password everywhere it is objectively your fault. Get a password manager, don't make the key the same compromised password, and stop being stupid.

[–] Hegar@kbin.social 26 points 1 year ago* (last edited 1 year ago)

It's at least 99.8% the company's fault.

Even if we blame those 14k password reusers, we're blaming 1 in every 500 victims. Being able to access genetic information and names of 6.9 million people - half your entire customers! - by hacking 0.02% of that is the fault of the company. They structured that access and failed to act on the obvious threat it represents.

But why blame password reusers? Not every grandparent interested in their family tree is capable of even understanding data security, let alone juggling multiple passwords or a PW manager.

Credential stuffing is an inevitable part of security landscape - especially for one time use accounts like genetics sites. A multimillion dollar IT department is just clearly responsible for preventing egregious data security failures.

[–] rainerloeten@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I would say it's partially their fault. IMHO 23&me is mainly to blame. They should've enforced (proper) 2FA. Sure, people should've known better, but they didn't; they oftenly don't. But 23&me did know better.

Edit: spelling