They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
FWIW, 23andme isn’t saying this just out of the blue, but to defend themselves in court from being sued by people who lost their data because of people reusing passwords.
Honestly everyone sucks here. Don’t reuse passwords for anything remotely important. And, don’t allow people to sign in to any remotely-important web service without 2FA. (Edit: And, if you are going to be sloppy protecting your users from having their accounts broken into, don’t give users access to every other relative’s data for no particular reason.)
Passwords aside, I’d never in a million years entrust my DNA information to some random outfit on the internet and assume that good things would happen to it, but that’s just me.
The issue isn’t just reuse of passwords. Only about 14,000 accounts were breached because of bad passwords. The problem is that those 14k accounts allowed bad actors to access the personal information of nearly 7 million people. It’s less “you shouldn’t have reused your password,” it’s more “your neighbor’s cousin’s sister-in-law’s nephew shouldn’t have reused his password”
Good point, just added that to my comment as well.
… And you should not opt in to sharing data with people whose security practices you don’t know.
Don’t print your SSN and give it to your inlaws or your grandma. Or your credit card info or anything else.