Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
JohnEdwa@sopuli.xyz 10 months agoYou didn’t read it either. They gained access to shared information between the accounts.
Logging into someones Facebook and seeing their friends and all the stuff they posted as “friends only” isn’t a hack or a vulnerability, it’s how the website works.
It doesn’t matter. It is a known attack and the company should have implemented measures against it.
At the very least, they should have made a threat modeling exercise and concluded that with this sharing feature, the compromise of a single account can lead to compromise of data for other users. One possible conclusion is that users who shared data should be forced to have 2fa.
It doesn’t matter. It is a known attack and the company should have implemented measures against it.
At the very least, they should have made a threat modeling exercise and concluded that with this sharing feature, the compromise of a single account can lead to compromise of data for other users. One possible conclusion is that users who shared data should be forced to have 2fa.
Hegar@kbin.social 10 months ago
Laughing a feature that lets an inevitable attack access 500 other people's info for every competitive account is a glaring security failure.
Accounting for foreseeable risks to users' data is the company's responsibility and they launched a feature that made a massive breach inevitable. It's not the users' fault for opting in to a feature that obviously should never have been launched.