Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • givesomefucks@lemmy.world
    18 upvotes, 3 downvotes · 11 months ago

    If they really do blame this on the users

    It’s not that they said:

    It’s your fault your data leaked

    What they said was (paraphrasing):

    A list of compromised emails/passwords from another site leaked, and people found some of those worked on 23andme. If a DNA relative that you volunteered to share information with was one of those people, then the info you volunteered to share was compromised to a 3rd party.

    Which, honestly?

    Completely valid. The only way to stop this would be for 23andme to monitor these “hack lists” and notify any email that also has an account on their website.

    Side note:

    Any tech company can provide info if asked by the police. The good ones require a warrant first, but as data owners they can provide it without a warrant.

    • LUHG@lemmy.world
      6 upvotes, 1 downvote · 11 months ago

      That’s not 23andMe’s fault at all then. Basically boils down to password reuse. All I would say is they should have provided 2FA if they didn’t.

    • Zoolander@lemmy.world
      3 upvotes · 11 months ago

      > The only way to stop this would be for 23andme to monitor these “hack lists”

      Unfortunately, from the information that I’ve seen, the hack lists didn’t have these credentials. HIBP is the most popular one and it’s claimed that the database used for these wasn’t posted publicly but was instead sold on the dark web. I’m sure there’s some overlap with previous lists if people used the same passwords but the specific dataset in this case wasn’t made public like others.
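
The breach-list check suggested in the first comment, sketched as an added example (not part of the thread and not 23andMe's code). It assumes the operator has obtained the leaked `email:password` list and stores passwords as salted PBKDF2 hashes; every function name, account and leaked line here is constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(email, password):
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt)}


def parse_combo_line(line):
    # 'email:password'; split on the first ':' because passwords may contain ':'
    email, sep, password = line.strip().partition(":")
    if not sep or "@" not in email or not password:
        return None
    return email.lower(), password


def find_exposed_accounts(accounts, combo_lines):
    # 'reused': leaked password still unlocks the account -> force a reset
    # 'listed': email is in the leak but the password differs -> notify only
    by_email = {a["email"]: a for a in accounts}
    result = {}
    for line in combo_lines:
        parsed = parse_combo_line(line)
        if parsed is None or parsed[0] not in by_email:
            continue
        email, leaked = parsed
        acct = by_email[email]
        match = hmac.compare_digest(hash_password(leaked, acct["salt"]), acct["hash"])
        if match or result.get(email) != "reused":
            result[email] = "reused" if match else "listed"
    return result


# Constructed sample data (not real accounts or a real leak).
ACCOUNTS = [make_account("alice@example.com", "Summer2019!"),
            make_account("bob@example.com", "correct horse battery"),
            make_account("carol@example.com", "x9:Lq#27")]
COMBO_LIST = ["alice@example.com:Summer2019!", "BOB@example.com:hunter2",
              "carol@example.com:x9:Lq#27", "mallory@example.net:letmein", "garbage"]

if __name__ == "__main__":
    print(find_exposed_accounts(ACCOUNTS, COMBO_LIST))
```

Because the stored hashes are salted, the leaked plaintext has to be re-hashed per account rather than compared against a precomputed table, so the check only runs for emails that already exist in the user store.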