Comment

Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch

hoshikarakitaridia@sh.itjust.works ⁨8⁩ ⁨months⁩ ago

That’s not how this works. They are running internationally, and GDPR would hit them like a brick if they did that.

I would assume they had some deals with law enforcement to transmit data one narrow circumstances.

This is different. This is a breach and if you have a company taking care of such sensitive data, it’s your job to do the best you can to protect it. If they really do blame this on the users, they are in for a class action and hefty fine from the EU, especially now that they’ve established even more guidelines towards companies regarding the maintenance of sensitive data. This will hurt on some regard.

source

Sort:hotnew top

givesomefucks@lemmy.world ⁨8⁩ ⁨months⁩ ago

If they really do blame this on the users

It’s not that they said:

It’s your fault your data leaked

What they said was (paraphrasing):

A list of compromised emails/passwords from another site leaked, and people found some of those worked on 23andme. If a DNA relative that you volunteered to share information with was one of those people, then the info you volunteered to share was compromised to a 3rd party.

Which, honestly?

Completely valid. The only way to stop this would be for 23andme to monitor these “hack lists” and notify any email that also has an account on their website.

Side note:

Any tech company can provide info if asked by the police. The good ones require a warrant first, but as data owners they can provide it without a warrant.

source
- LUHG_HANI@lemmy.world ⁨8⁩ ⁨months⁩ ago
  That’s not 23 and me fault at all then. Basically boils down to password reuse. All i would say is they should have provided 2fa if they didn’t.
  
  source
  - 52fighters@kbin.social ⁨8⁩ ⁨months⁩ ago
    
    All i would say is they should have provided 2fa if they didn’t.
    
    At this point, every company not using 2FA is at fault for data hacks. Most people using the internet have logins to 100's of sites. Knowing where to do to change all your passwords is nearly impossible for a seasoned internet user.
    
    source
    conciselyverbose@kbin.social ⁨8⁩ ⁨months⁩ ago
    A seasoned internet user has a password manager.
    
    Not using one is your negligence, no one else's.
    
    source
    -> View More Comments
    TORFdot0@lemmy.world ⁨8⁩ ⁨months⁩ ago
    The sad thing is you have to balance the costs of requiring your customer to use 2FA with the risk of losing business because of it and the risk of losing reputation because your customers got hacked and suffered loss.
    
    The sad thing is some (actuall most) people are brain dead, you will lose business if you make them use a complicated password or MFA and it puts them in the position to make a hard call.
    
    They took the easy route and gave the customer the option to use MfA if they wished and unfortunately a lot of people declined. Those people should not have the ability to claim damages (or vote, for that matter)
    
    source
    -> View More Comments
- dpkonofa@lemmy.world ⁨8⁩ ⁨months⁩ ago
  
  The only way to stop this would be for 23andme to monitor these “hack lists”
  
  Unfortunately, from the information that I’ve seen, the hack lists didn’t have these credentials. HIBP is the most popular one and it’s claimed that the database used for these wasn’t posted publicly but was instead sold on the dark web. I’m sure there’s some overlap with previous lists if people used the same passwords but the specific dataset in this case wasn’t made public like others.
  
  source