this post was submitted on 24 Jan 2024
129 points (97.8% liked)

Privacy

1201 readers
810 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Kbin_space_program@kbin.social 14 points 9 months ago (1 children)

You're missing a very critical detail.

Yes the initial breach was reused logins.
But that was only a pittance 14,000 logins.

The hackers got access to millions of users through tools provided by 23AndMe

[โ€“] Mikina@programming.dev 3 points 9 months ago

From how I understand it, that's also on the users.

If I get it right, they have a social share function that allows you to share your data with anyone who is your "relative", i.e. probably can be traced to some common ancestor. So, the millions of people deliberately shared the data with others, and nothing was exploited.

We should blame the 14 000 users for their terrible security practices way more than the company for not forcing people into using it. Sure, 23AndMe could've done more, such as forcing MFA, but by writing headlines about how company got hacked, when it's literally the fault of people reusing their passwords on every stupid site they log in to, will not help with security awarness in the slightest. They will just keep on with their bad practices until eventually they loose more than just an ancestry records.

There should be headlines about how "Password reuse of 14 000 users caused a leak of 7 000 000 of user data.". Not because I want to defend the company, but because it spreads security awarness. It's still mostly the fault of the users.

Get a password manager, FFS.