Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • pearsaltchocolatebar
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    3
    ·
    10 months ago

    It’s actually the user’s fault. The emails and passwords came from a different breach, and some of those also worked on 23andMe. This is why you don’t reuse passwords.

    • Hegar@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      It’s actually the user’s fault. The emails and passwords came from a different breach

      No, 23andme is very clearly at fault.

      Only 0.02% of those who had their personal info leaked were hacked by a credential stuffing attack.

      99.8% of victims were victims because the company launched an obviously unsafe feature that allowed intruders to acces 500 other people’s details for each compromised account.

      No one changes the password on sites they don’t use anymore and this is basically a single use service.