• Mikina@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    10 months ago

    From how I understand it, that’s also on the users.

    If I get it right, they have a social share function that allows you to share your data with anyone who is your “relative”, i.e. probably can be traced to some common ancestor. So, the millions of people deliberately shared the data with others, and nothing was exploited.

    We should blame the 14 000 users for their terrible security practices way more than the company for not forcing people into using it. Sure, 23AndMe could’ve done more, such as forcing MFA, but by writing headlines about how company got hacked, when it’s literally the fault of people reusing their passwords on every stupid site they log in to, will not help with security awarness in the slightest. They will just keep on with their bad practices until eventually they loose more than just an ancestry records.

    There should be headlines about how “Password reuse of 14 000 users caused a leak of 7 000 000 of user data.”. Not because I want to defend the company, but because it spreads security awarness. It’s still mostly the fault of the users.

    Get a password manager, FFS.