I don’t think so. Those users had opted in to share information within a certain group. They’ve already accepted the risk of sharing info with someone who might be untrustworthy.
Plenty of other systems do the same thing. I can share the list of games on my Steam account with my friends - the fact that a hacker might break into one of their accounts and access my data doesn’t mean that this sharing of information is broken by design.
If you choose to share your secrets with someone, you accept the risk that they may not protect them as well as you do.
There may be other reasons to criticise 23andMe’s security, but this isn’t a broken design.
Fiivemacs@lemmy.ca 11 months ago
And it’s your fault you have access to them. Stop doing bad things and keep your information secure.
reverendsteveii@lemm.ee 11 months ago
You clearly have no familiarity with the principles of information security. 23andMe failed to follow a basic principle: defense in depth. The system should be designed such that compromises are limited in scope and cannot be leveraged into a greater scope. Password breaches are going to happen. They happen every day, on every system on the internet. They happen to weak passwords, reused passwords and strong passwords. They’re so common that if you don’t design your system assuming the occasional user account will be compromised then you’re completely ignoring a threat vector, which is on you as a designer. 23andMe didn’t force 2 factor auth (techcrunch.com/…/23andme-ancestry-myheritage-two-…) and they made it so every account had access to information beyond what that account could control. These are two design decisions that enabled this attack to succeed, and then escalate.
psud@lemmy.world 11 months ago
Fiivemacs was joking, speaking in 23&me’s voice. They don’t actually believe it’s the user’s fault.
Fiivemacs@lemmy.ca 11 months ago
That was very much sarcasm on my part.
Fiivemacs@lemmy.ca 11 months ago
Didn’t say /s…