In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.

Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • KairuByte@lemmy.dbzer0.comEnglish
    4112·
    10 months ago

    So… we are ignoring the 6+ million users who had nothing to do with the 14 thousand users, because convenience?

    Not to mention, the use of “brute force” there insinuates that the site should have had password requirements in place.

    • capital@lemmy.worldEnglish
      217·
      10 months ago

      Please excuse the rehash from another of my comments:

      How do you people want options on websites to work?

      These people opted into information sharing.

      When I set a setting on a website, device, or service I damn sure want the setting to stick. What else would you want? Force users to set the setting every time they log in? Every day?

      • KairuByte@lemmy.dbzer0.comEnglish
        44·
        10 months ago

        I admit, I’ve not used the site so I don’t know the answers to the questions I would need, in order to properly respond:

        • Were these opt-in or opt-out?
        • Were the risks made clear?
        • Were the options fine tuned enough that you could share some info, but not all?

        From the sounds of it, I doubt enough was done by the company to ensure people were aware of the risks. Because so many people were shocked by what was able to be skimmed.

        • capital@lemmy.worldEnglish
          33·
          10 months ago

          I’m convinced that everyone pissed at the company for users reusing passwords has a reading comprehension problem because I definitely already answered your first question in the comment you responded to.

          I haven’t used the service either - I don’t want more of my data out there. So I can’t answer the other questions.

          Users were probably not thinking about the implications of a breach after sharing but it stands to reason that if you share data with an account, and that account gets compromised, your data is compromised.

          We’ve all been through several of those from actual hacks at other companies (looking at you, T-Mobile). I refuse to believe people aren’t aware of this general issue by now.

    • platypus_plumba@lemmy.worldEnglish
      112·
      10 months ago

      It was credential stuffing. Basically these people were hacked in other services. Those services probably told them “Hey, you need to change your password because our database was hacked” and then they were like “meh, I’ll keep using this password and won’t update my other services that this password and personally identifiable information about myself and my relatives”.

      Both are at fault, but the users reusing passwords with no MFA are dumb as fuck.