• Kbin_space_program
    link
    fedilink
    1410 months ago

    You’re missing a very critical detail.

    Yes the initial breach was reused logins.
    But that was only a pittance 14,000 logins.

    The hackers got access to millions of users through tools provided by 23AndMe

    • @Mikina@programming.dev
      link
      fedilink
      310 months ago

      From how I understand it, that’s also on the users.

      If I get it right, they have a social share function that allows you to share your data with anyone who is your “relative”, i.e. probably can be traced to some common ancestor. So, the millions of people deliberately shared the data with others, and nothing was exploited.

      We should blame the 14 000 users for their terrible security practices way more than the company for not forcing people into using it. Sure, 23AndMe could’ve done more, such as forcing MFA, but by writing headlines about how company got hacked, when it’s literally the fault of people reusing their passwords on every stupid site they log in to, will not help with security awarness in the slightest. They will just keep on with their bad practices until eventually they loose more than just an ancestry records.

      There should be headlines about how “Password reuse of 14 000 users caused a leak of 7 000 000 of user data.”. Not because I want to defend the company, but because it spreads security awarness. It’s still mostly the fault of the users.

      Get a password manager, FFS.