Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
Hegar@kbin.social 10 months agoWhat should a website do when you present it with correct credentials?
Not then give you access to names and genetics of half their customers?
Credential stuffing 1 grandpa who doesn't understand data security shouldn't give me access to names and genetics of 500 other people.
That's a shocking lack of security for some of the most sensitive personal data that exists.
Not then give you access to half their customers’ personal info?
That’s a feature of the service that you opt into when you’re setting up your account. You’re not required to share anything with anyone, but a lot of people choose too. I actually was able to connect with a half-sibling that I knew I had, but didn’t know how to contact, via that system.
But why do you need access to any of your half sibling’s personal data to do that?
Nobody “needs” it, lol. People do it because it’s interesting to them.
Why do you need access to everyone who opted in’s data to do that?
Why does Facebook need to show you other people’s profiles? Why does Lemmy show me your profile and posts? It’s how the services work, and people choose to use them because they work that way.
Hi! If you've used it, there's something I was curious about - how many people's names did it show you?
If 50%+ of the 14000 had the feature enabled, it was showing an average of 500-1000 "relatives". Was that what you saw? What degree of relatedness did they have?
I don't think that opting in changes a company's responsibility to not launch a massive, inevitable data security risk, but tbh I'm less interested in discussing who's to blame than I am in hearing more about your experience using the feature. Thanks in advance!
This list shows 1500 people for me. I assume that’s just some arbitrary limit to the number of results. There’s significantly overlap in the relationship lists, so the number of relatives is less than the (140000.51500) that that math might indicate.
capital@lemmy.world 10 months ago
You either didn’t read or just really need this to be the company’s fault.
Those initial breaches lead to more info being leaked because users chose to share data with those breached users before their accounts were compromised.
When you change a setting on a website do you want to have to keep setting it back to what you want or do you want it to stay the first time you set it?