In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.

Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • Hegar@kbin.social
    5114·
    11 months ago

    What should a website do when you present it with correct credentials?

    Not then give you access to half their customers’ personal info?

    Credential stuffing 1 grandpa who doesn’t understand data security shouldn’t give me access to names and genetics of 500 other people.

    That’s a shocking lack of security for some of the most sensitive personal data that exists.

    • capital@lemmy.worldEnglish
      188·
      11 months ago

      You either didn’t read or just really need this to be the company’s fault.

      Those initial breaches lead to more info being leaked because users chose to share data with those breached users before their accounts were compromised.

      When you change a setting on a website do you want to have to keep setting it back to what you want or do you want it to stay the first time you set it?

      • Hegar@kbin.social
        1·
        11 months ago

        Hi! If you’ve used it, there’s something I was curious about - how many people’s names did it show you?

        If 50%+ of the 14000 had the feature enabled, it was showing an average of 500-1000 “relatives”. Was that what you saw? What degree of relatedness did they have?

        I don’t think that opting in changes a company’s responsibility to not launch a massive, inevitable data security risk, but tbh I’m less interested in discussing who’s to blame than I am in hearing more about your experience using the feature. Thanks in advance!