124
Genetic testing giant 23andMe is reportedly turning the blame back on its customers for its recent data breach
(www.businessinsider.com)
this post was submitted on 24 Jan 2024
124 points (97.7% liked)
Privacy
1272 readers
73 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Bro the data wasn't breached, someone just took already available passwords and tried them. It is their fault for using the same password everywhere.
And im not defending the company here, fuck em but thats definitely not on them.
23 and Me are technically correct in that it's customer behaviour that caused the issue. People reused passwords and didn't use MFA.
They can claim the moral high ground if they like and shift the blame, but the truth is that regardless of WHY the breach happened, it was still a breach and it still happened!
As a software engineer, I believe there's a real argument to be made here that 23 and Me were negligent in their approach. Given the personal nature of data stored they should have enforced MFA from the start, but they did not. They made an explicit decision to choose customer convenience above customer security.
The argument that customers should have made better security decisions is evasive bullshit.
As a software engineer you cannot trust customers to take correct decisions about security. And customers should not be expected to either - they are not the experts! It's the job of IT professionals to ensure that data has an appropriate level of protection so that it is safeguarded even against naive user behaviour.
As a consumer you can't trust companies or software engineers to make correct decisions about security, either. The blade cuts both ways and everyone is at fault here.