In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.

Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • rockSlayer@lemmy.worldEnglish
    36·
    9 months ago

    Is it also the User’s fault for the 6,898,600 people that didn’t reuse a password and were still breached?

    • pearsaltchocolatebar@discuss.onlineEnglish
      102·
      9 months ago

      Yes, because you have to choose to share that data with other people. 23andMe isn’t responsible if grandma uses the same password for every site.

      • rockSlayer@lemmy.worldEnglish
        24·
        9 months ago

        23andMe is responsible for sandboxing that data, however. Which they obviously didn’t do.

        • pearsaltchocolatebar@discuss.onlineEnglish
          2·
          9 months ago

          Did you not read my comment? Users opt in to sharing data with other accounts, which means if one account is compromised, then every account that allowed them access would have their data compromised too. That’s not on the company, because they feature can’t work without allowing access.

    • Zoolander@lemmy.worldEnglish
      51·
      9 months ago

      They weren’t breached. The data they willingly shared with the compromised accounts was available to the people that compromised them.

      • SpaceNoodle@lemmy.worldEnglish
        15·
        9 months ago

        Pretty sure nobody clicked a button that said “share my data with compromised accounts.”

        • Zoolander@lemmy.worldEnglish
          51·
          9 months ago

          There was a button that said “share my data with this account”. If that person went and shared that info publicly, how is that any different? The accounts accessed with accessed with valid credentials through the normal login process. They weren’t “breached” or “hacked”.