In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.

Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • rockSlayer@lemmy.worldEnglish
    22·
    10 months ago

    Private health data was compromised as well, on a smaller scale. It doesn’t make sense to blame users for a security breach of a corporation, literally ever. That’s my point. The friend was dumb, and you shared something maybe you shouldn’t have. But that doesn’t also absolve the company of poor security practices. I very strongly doubt that 14,000 people knew or consciously chose to directly share with a collective 7 million people.

    • JohnEdwa@sopuli.xyzEnglish
      3·
      10 months ago

      But they did. All 7 million of them - that’s why their data was visible for those 14000.

      As it says in the article:

      From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.

      Here’s what each and every one of those 7 million people opted in and agreed to:

      https://customercare.23andme.com/hc/en-us/articles/115004659068-DNA-Relatives-The-Genetic-Relative-Basics