23andMe tells victims it's their fault that their data was breached | TechCrunch - eviltoast

Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • Eager Eagle@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    2
    ·
    10 months ago

    afaik there was no breach of private data, only the kind of data shared to find relatives, which is opt-in and obviously not private to anyone who has seen how this service works. In other words, the only data “leaked” was the kind of data that was already shared with other 23andMe users.

    • Hegar@kbin.social
      link
      fedilink
      arrow-up
      1
      arrow-down
      3
      ·
      10 months ago

      Name, sex and ancestry were sold on the dark web, that’s a breach of private data.

      The feature that lets a hacker see 500 other people’s personal information when they hack an account is obviously a massive security risk. Especially if you run a single use service - no one updates their password on a site they don’t use anymore.

      Launching the feature in the first place made this inevitable.

      • Eager Eagle@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        10 months ago

        Name, sex and ancestry were sold on the dark web, that’s a breach of private data.

        It would be a breach if the data was private, but the feature itself exposes this data. That would be like presenting a concert to hundreds of people then complaining your facial attributes were leaked in social media.