Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    13
    ·
    edit-2
    10 months ago

    A successful breach of a family member’s account due to their bad security shouldn’t result in the breach of my account. That’s the problem.

    Edit: so people stop asking, here’s their docs on DNA relatives: https://customercare.23andme.com/hc/en-us/articles/212170838

    Showing your genetic ancestry results makes select information available to your matches in DNA Relatives

    It clearly says select information, which one could reasonably assume is protecting of your privacy. All the reports seem to imply the hackers got access to much more than just the couple fun numbers the UI shows you.

    At minimum I hold them responsible for not thinking this feature through enough that it could be used for racial profiling. That’s the equivalent of being searchable on Facebook but they didn’t think to not make your email, location and phone number available to everyone who searches for you. I want to be discoverable by my friends and family but I’m not intending to make more than my name and picture available.

    • givesomefucks@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      4
      ·
      edit-2
      10 months ago

      A successful breach of a family member’s account due to their bad security shouldn’t result in the breach of my account. That’s the problem

      I mean…

      You volunteered to share your info with that person.

      And that person reused a email/password that was compromised.

      How can 23andme prevent that?

      It sucks, but it’s the fault of your relative that you entrusted with access to your information.

      No different than if you handed them a hardcopy and they left it on the table of McDonald’s .

      Quick edit:

      It sounds like you think your account would be compromised, that’s not what happened. Only info you shared with the compromised relative becomes compromised. They don’t magically get your password.

      But you still choose to make it accessible to that relatives account by accepting their request to share

          • dmonzel@lemmy.ml
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            4
            ·
            10 months ago

            Ok, who else would be able to give me your personal information. I’ll go get it from them instead.

              • dmonzel@lemmy.ml
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                7
                ·
                10 months ago

                Oh, so you’re actually not consenting to have some personal information you’ve given to family given to me as well? Odd, you sure seemed ok when it was people having their information snagged from 23andMe.

                • Zoolander@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  arrow-down
                  3
                  ·
                  10 months ago

                  No, but I didn’t consent to give that info to family either. If I was worried about my data getting in the hands of strangers, I wouldn’t have shared it with strangers which is what happened here. Unless you count a 4th cousin that you’ve never met “family”, why would you give them access to your data?

    • Zoolander@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      10 months ago

      I doesn’t. Sharing that info was opt-in only. In this scenario, no 23andMe accounts were breached. The users reused their credentials from other sites. It would be like you sharing your bank account access with a family member’s account and their account getting accessed because their banking password was “Password1” or their PIN was “1234”.

    • argo_yamato@lemm.ee
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      6
      ·
      10 months ago

      Yep it was 14,000 that were hacked, the other 6.9 million were from that DNA relative functionality they have. Unfortunately 23andMe’s response is what to expect since companies will never put their customers safety ahead of their profits.

    • douglasg14b@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      10 months ago

      So if you enabled a setting that is opt-in only that allows sharing data between accounts and you are surprised that data was shared between accounts how is that not your fault?

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      10 months ago

      afaik there was no breach of private data, only the kind of data shared to find relatives, which is opt-in and obviously not private to anyone who has seen how this service works. In other words, the only data “leaked” was the kind of data that was already shared with other 23andMe users.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      10 months ago

      You shouldn’t have shared your information with someone who is untrustworthy then. Data sharing is opt-in.

    • AbouBenAdhem@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      10 months ago

      Even if you didn’t reuse a compromised password yourself, the fact that your relatives did indicates that you’re genetically predisposed to bad security practices. /s