Hacker News

2169 readers

31 users here now

A mirror of Hacker News' best submissions.

founded 1 year ago

MODERATORS

bot@lemmy.smeargle.fans

23andMe tells victims it's their fault that their data was breached (techcrunch.com)

submitted 8 months ago by bot@lemmy.smeargle.fans to c/hackernews@lemmy.smeargle.fans

4 comments fedilink hide all child comments

HN Discussion

top 4 comments

sorted by: hot top controversial new old

[–] ashar@infosec.pub 5 points 8 months ago (1 children)

Users passwords were leaked in other breaches. 23andme could have forced everyone to setup new passwords but that is not usual practice, is it?

[–] CJOtheReal@lemmy.sdf.org 2 points 8 months ago

Even if, most of them aren't logging in periodically enough and it's not their fault or responsibility to check for other companies breaches, otherwise you'd have to do that on a (basically) daily basis.

Don't use the same password everywhere.

[–] trebuchet@lemmy.ml 5 points 8 months ago* (last edited 8 months ago)

The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing. From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe’s DNA Relatives feature.

From the description it sounds like they have a point. If people reuse their passwords and then get hacked, the hackers are going to have access to their full accounts, including any information shared with them.

How is this different than if hackers reused passwords and hacked into Facebook accounts and then saw the user's friends' profiles?

[–] phorq@lemmy.ml 3 points 8 months ago

This is like if a robber got in through a hole in the wall, and the architect blamed the homeowner for having a spare key under the mat. Sure, it's not a good security practice, but that's not the issue here.