874

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

you are viewing a single comment's thread
view the rest of the comments
[-] reverendsteveii@lemm.ee 35 points 2 years ago

“users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe...Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,”

This is a failure to design securely. Breaking into one account via cred stuffing should give you access to one account's data, but because of their poor design hackers were able to leverage 14,000 compromised accounts into 500x that much data. What that tells me is that, by design, every account on 23andMe has access to the confidential data of many, many other accounts.

[-] assassin_aragorn@lemmy.world 7 points 2 years ago

It's terrible design. If they know their users are going to do this, they're supposed to work around that. Not leave it as a vulnerability.

[-] asret@lemmy.zip 6 points 2 years ago

I don't think so. Those users had opted in to share information within a certain group. They've already accepted the risk of sharing info with someone who might be untrustworthy.

Plenty of other systems do the same thing. I can share the list of games on my Steam account with my friends - the fact that a hacker might break into one of their accounts and access my data doesn't mean that this sharing of information is broken by design.

If you choose to share your secrets with someone, you accept the risk that they may not protect them as well as you do.

There may be other reasons to criticise 23andMe's security, but this isn't a broken design.

this post was submitted on 03 Jan 2024
874 points (100.0% liked)

Technology

73602 readers
2993 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS