Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
Fiivemacs@lemmy.ca 10 months agoAnd it’s your fault you have access to them. Stop doing bad things and keep your information secure.
Comment on 23andMe tells victims it's their fault that their data was breached | TechCrunch
Fiivemacs@lemmy.ca 10 months agoAnd it’s your fault you have access to them. Stop doing bad things and keep your information secure.
reverendsteveii@lemm.ee 10 months ago
you clearly have no familiarity with the principles of information security. 23andMe failed to follow a basic principle: defense in depth. The system should be designed such that compromises are limited in scope and cannot be leveraged into a greater scope. Password breaches are going to happen. They happen every day, on every system on the internet. They happen to weak passwords, reused passwords and strong passwords. They’re so common that if you don’t design your system assuming the occasional user account will be compromised then you’re completely ignoring a threat vector, which is on you as a designer. 23andMe didn’t force 2 factor auth (techcrunch.com/…/23andme-ancestry-myheritage-two-…) and they made it so every account had access to information beyond what that account could control. These are two design decisions that enabled this attack to succeed, and then escalate.
psud@lemmy.world 10 months ago
Fiivemacs was joking, speaking in 23&me’s voice. They don’t actually believe it’s the user’s fault.
Fiivemacs@lemmy.ca 10 months ago
That was very much sarcasm on my part
Fiivemacs@lemmy.ca 10 months ago
Didn’t say /s…