Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • douglasg14b@lemmy.world
    link
    fedilink
    English
    arrow-up
    56
    arrow-down
    30
    ·
    11 months ago

    OP spreading disinformation.

    Users used bad passwords. Their accounts where accessed using their legitimate, bad, passwords.

    Users cry about the consequences of their bad passwords.

    Yeah, 23AndMe has some culpability here, but the lions share is still in the users themselves

    • AdamEatsAss@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      edit-2
      11 months ago

      Are you telling me a password of 23AndMe! Is bad? It meets all the requirements.

    • mp04610@lemm.ee
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      10
      ·
      11 months ago

      From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe’s DNA Relatives feature.

      How exactly are these 6.9M users at fault? They opted in to a feature of the platform that had nothing to do with their passwords.

      On top of that, the company should have enforced strong passwords and forced 2FA for all accounts. What they’re doing is victim blaming.

      • Falcon@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        3
        ·
        edit-2
        11 months ago

        users knowingly opted into a feature that had a clear privacy risk.

        Strong passwords often aren’t at issue, password re-use is. If un-{salted, hashed} passwords were compromised in a previous breach, then it doesn’t matter how strong those passwords are.

        Every user who was compromised:

        1. Put their DNA profile online
        2. Opted to share their information in some way

        A further subset of users failed to use a unique and strong password.

        A 2FA token (think Matrix) might have helped here, other than that, individuals need to take a greater responsibility for personal privacy. This isn’t an essential service like water, banking, electricity etc. This is a place to upload your DNA profile…

        • sudneo@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          11 months ago

          As I said elsewhere, the company implemented this feature and apparently did not do absolutely jack about the increased risk of account compromise deriving from it. If I would sit in a meeting discussing this feature I would immediately say that accounts which share data with others are way too sensitive and at least these should have 2fa enforced. If you don’t want it, you don’t share data. Probably the company does not have a good security culture and this was not done.

    • Cosmic Cleric@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      11 months ago

      Users used bad passwords. Their accounts where accessed using their legitimate, bad, passwords.

      Just as an anecdotal counterpoint, I am a 23andMe customer who did receive notification of my account was accessed and personal information obtained.

      This was my password at the time: 7Kk5bXjIdfB25

      That password was auto-generated for me by the BitWarden app.

      So for what it’s worth I don’t think my password was a ‘bad’ password.

      • Willy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        11 months ago

        Your direct account was accessed or some of your information was access through a compromised account? those are big differences and from what I’ve read only the latter should have been possible. and in my opinion, not such a big deal.

    • Eezyville@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      5
      ·
      11 months ago

      How am I spreading disinformation? I just contributed an article I found interesting for discussion.

      • Falcon@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        11 months ago

        It’s worth noting that OP simply used the article title.

        The article title is a little biased, individuals must take greater personal responsibility.

        • Eezyville@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          I don’t know title etiquette in this forum. I used the author’s title because it is their article, not mine, and thus their opinion/research/AI output.

          • Falcon@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Oh no, I was just pointing it out for others. I think using the title post is perfectly reasonable.

            Thank you for posting, I found it interesting.

    • pflanzenregal@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      11 months ago

      The lions share IMHO is at 23&me. Offering such a poorly secured service is negligence, in the face of the data’s high sensitivity nature.