Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • rockSlayer@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    8
    ·
    edit-2
    10 months ago

    Is it also the User’s fault for the 6,898,600 people that didn’t reuse a password and were still breached?

    • pearsaltchocolatebar@discuss.online
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      5
      ·
      10 months ago

      Yes, because you have to choose to share that data with other people. 23andMe isn’t responsible if grandma uses the same password for every site.

      • rockSlayer@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        9
        ·
        10 months ago

        23andMe is responsible for sandboxing that data, however. Which they obviously didn’t do.

          • rockSlayer@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            3
            ·
            10 months ago

            You opt in to share your data with Facebook. Would you still consider it an issue if your data was breached because someone else’s account was hacked?

            • stepanzak@iusearchlinux.fyi
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              10 months ago

              I would consider normal that my photos that I only share with some people were leaked if one of those people’s accounts got hacked.

            • jimbo@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              10 months ago

              Sure, it’s a breach, but I would blame my idiot friend for re-using passwords. I wouldn’t blame the service for doing exactly what I expected the service to do, and is the reason I chose to use the service in the first place.

              It’s also the reason I’ve very selective about what I share with anyone online, friend or otherwise.

            • JohnEdwa@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              10 months ago

              If you share your nudes with the “friends only” privacy settings on facebook, and someone else accesses one of your friends accounts because they reused their password and proceeds to leak those photos, is it the fault of Facebook, your friend, the person leaking them, or you?

              Because that is exactly what happened here. Credit stuffing reused passwords and scraping opt-in “friends only” shared data between accounts.

              • rockSlayer@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                2
                ·
                10 months ago

                Private health data was compromised as well, on a smaller scale. It doesn’t make sense to blame users for a security breach of a corporation, literally ever. That’s my point. The friend was dumb, and you shared something maybe you shouldn’t have. But that doesn’t also absolve the company of poor security practices. I very strongly doubt that 14,000 people knew or consciously chose to directly share with a collective 7 million people.

                • JohnEdwa@sopuli.xyz
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  edit-2
                  10 months ago

                  But they did. All 7 million of them - that’s why their data was visible for those 14000.

                  As it says in the article:

                  From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.

                  Here’s what each and every one of those 7 million people opted in and agreed to:

                  https://customercare.23andme.com/hc/en-us/articles/115004659068-DNA-Relatives-The-Genetic-Relative-Basics

        • pearsaltchocolatebar@discuss.online
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          2
          ·
          10 months ago

          Did you not read my comment? Users opt in to sharing data with other accounts, which means if one account is compromised, then every account that allowed them access would have their data compromised too. That’s not on the company, because they feature can’t work without allowing access.

    • Zoolander@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      5
      ·
      10 months ago

      They weren’t breached. The data they willingly shared with the compromised accounts was available to the people that compromised them.

      • SpaceNoodle@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        10
        ·
        10 months ago

        Pretty sure nobody clicked a button that said “share my data with compromised accounts.”

        • Zoolander@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          5
          ·
          10 months ago

          There was a button that said “share my data with this account”. If that person went and shared that info publicly, how is that any different? The accounts accessed with accessed with valid credentials through the normal login process. They weren’t “breached” or “hacked”.