They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.

  • mozz@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    11 months ago

    FWIW, 23andme isn’t saying this just out of the blue, but to defend themselves in court from being sued by people who lost their data because of people reusing passwords.

    Honestly everyone sucks here. Don’t reuse passwords for anything remotely important. And, don’t allow people to sign in to any remotely-important web service without 2FA. (Edit: And, if you are going to be sloppy protecting your users from having their accounts broken into, don’t give users access to every other relative’s data for no particular reason.)

    Passwords aside, I’d never in a million years entrust my DNA information to some random outfit on the internet and assume that good things would happen to it, but that’s just me.

    • starman2112@sh.itjust.works
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      The issue isn’t just reuse of passwords. Only about 14,000 accounts were breached because of bad passwords. The problem is that those 14k accounts allowed bad actors to access the personal information of nearly 7 million people. It’s less “you shouldn’t have reused your password,” it’s more “your neighbor’s cousin’s sister-in-law’s nephew shouldn’t have reused his password”

      • dream_weasel@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        … And you should not opt in to sharing data with people whose security practices you don’t know.

        Don’t print your SSN and give it to your inlaws or your grandma. Or your credit card info or anything else.