Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • douglasg14b@lemmy.world
    9 months ago

    OP spreading disinformation.

    Users used bad passwords. Their accounts were accessed using their legitimate, bad, passwords.

    Users cry about the consequences of their bad passwords.

    Yeah, 23AndMe has some culpability here, but the lion's share is still in the users themselves

    • AdamEatsAss@lemmy.world
      9 months ago

      Are you telling me a password of 23AndMe! is bad? It meets all the requirements.

    • Eezyville@sh.itjust.worksOP
      9 months ago

      How am I spreading disinformation? I just contributed an article I found interesting for discussion.

    • Hegar@kbin.social
      9 months ago

      Yeah, 23AndMe has some culpability here, but the lion's share is still in the users themselves

      Tell me you didn’t read the article without telling me.

      If 14,000 users who didn’t change a password on a single-use website they probably only ever logged into twice gives you 6.9 million users’ personal info, that’s the company’s fault.

      • JohnEdwa@sopuli.xyz
        9 months ago

        You didn’t read it either. They gained access to shared information between the accounts because both accounts had enabled the “share my info with my relatives” option.

        Logging into someone’s Facebook and seeing their friends and all the stuff they posted as “friends only” and their private DM discussions isn’t a hack or a vulnerability, it’s how the website works.

        • Hegar@kbin.social
          9 months ago

          Launching a feature that lets an inevitable attack access 500 other people’s info for every compromised account is a glaring security failure.

          Accounting for foreseeable risks to users’ data is the company’s responsibility and they launched a feature that made a massive breach inevitable. It’s not the users’ fault for opting in to a feature that obviously should never have been launched.

    • mp04610@lemm.ee
      9 months ago

      From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature.

      How exactly are these 6.9M users at fault? They opted in to a feature of the platform that had nothing to do with their passwords.

      On top of that, the company should have enforced strong passwords and forced 2FA for all accounts. What they’re doing is victim blaming.