Technology

58133 readers

4330 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

224

23andMe agrees to $30M settlement for breach lawsuit (www.scmagazine.com)

submitted 3 days ago by [email protected] to c/[email protected]

36 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 2 days ago* (last edited 2 days ago)

It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.

23&me didn't leak data, they didn't have any database breaches, their infrastructure wasn't compromised due to negligence...etc The majority share of negligence is in the users here.

Yes, they should have MFA, but also no, most sites and services don't force you to use MFA to begin with, and that's not a regulatory requirement anyways.

This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users. And this is a shitty precedent to set where the technical reasons for this event are thrown out the window in favor of the politics of it.