They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.

  • @brettvitaz@programming.dev
    link
    fedilink
    511 months ago

    Yeah, users have some of the blame, but 23andme shares responsibility by not having basic detection of bad actors. Some things that come to mind are rate limits, alarms on strange user login behavior, watching for mass logins from an unexpected region, excessive bad password attempts across a large number of users.