23andMe tells victims it's their fault that their data was breached | TechCrunch
23andMe tells victims it's their fault that their data was breached | TechCrunch
In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.
They're blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
You're viewing a single thread.
From a PSA stand point, 23andMe makes a really good point here.
From a Legal / Responsible Data Custodian perspective, it's the same collective responsibility bullshit that the oil industry likes to shit out about climate change.
Permanently Deleted
The issue isn't just reuse of passwords. Only about 14,000 accounts were breached because of bad passwords. The problem is that those 14k accounts allowed bad actors to access the personal information of nearly 7 million people. It's less "you shouldn't have reused your password," it's more "your neighbor's cousin's sister-in-law's nephew shouldn't have reused his password"
Good point, just added that to my comment as well.
... And you should not opt in to sharing data with people whose security practices you don't know.
Don't print your SSN and give it to your inlaws or your grandma. Or your credit card info or anything else.
While it's not the point 23andMe wants to make here, it is an absolutely horrible idea to allow a company to access, catalog and sell your DNA information. Shame they didn't touch on that point.