this post was submitted on 03 Jan 2024
747 points (93.7% liked)
Yes, because you have to choose to share that data with other people. 23andMe isn't responsible if grandma uses the same password for every site.
23andMe is responsible for sandboxing that data, however. Which they obviously didn't do.
User opted-in to share those data
You opt in to share your data with Facebook. Would you still consider it an issue if your data was breached because someone else's account was hacked?
I would consider it normal that my photos that I only share with some people were leaked if one of those people's accounts got hacked.
If you share your nudes with the "friends only" privacy settings on Facebook, and someone else accesses one of your friend's accounts because they reused their password and proceeds to leak those photos, is it the fault of Facebook, your friend, the person leaking them, or you?
Because that is exactly what happened here. Credit stuffing reused passwords and scraping opt-in "friends only" shared data between accounts.
Private health data was compromised as well, on a smaller scale. It doesn't make sense to blame users for a security breach of a corporation, literally ever. That's my point. The friend was dumb, and you shared something maybe you shouldn't have. But that doesn't also absolve the company of poor security practices. I very strongly doubt that 14,000 people knew or consciously chose to directly share with a collective 7 million people.
But they did. All 7 million of them - that's why their data was visible for those 14000.
As it says in the article:
Here's what each and every one of those 7 million people opted in and agreed to:
https://customercare.23andme.com/hc/en-us/articles/115004659068-DNA-Relatives-The-Genetic-Relative-Basics
Did you not read my comment? Users opt in to sharing data with other accounts, which means if one account is compromised, then every account that allowed them access would have their data compromised too. That's not on the company, because the feature can't work without allowing access.