23andMe tells victims it's their fault that their data was breached

floofloof@lemmy.ca to News@lemmy.world – 133 points –
23andMe tells victims it's their fault that their data was breached | TechCrunch
techcrunch.com
6

Yeah this is like 85% the users fault. If the website stores passwords in plaintext, it's their fault. If the user used "password" as a password it's their fault. The site could have been more helpful by having a cool down between incorrect passwords and monitor of failed attempts. Also maybe limiting the data shared between relatives. But like with Facebook, if you gain access to someone's account you will see their friends too.

What you are describing kind of seems like 85% the site's fault. Having no lock after failed attempts is a pretty epic fail. That combined with lax password requirements leaves the whole thing open to brute force.

It is. It was from people reusing passwords that were compromised.

Apparently you failed to read and/or comprehend the article.

“From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe’s DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform.”

1 more...

After disclosing the breach, 23andMe reset all customer passwords, and then required all customers to use multi-factor authentication, which was only optional before the breach.

Last I checked, that is still optional but highly recommended.