Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • Buffaloaf@lemmy.world
    11 months ago

    If your credit card information gets stolen because someone stole it from a website you bought something off of, is that your fault?

    • Duamerthrax@lemmy.world
      11 months ago

      I can change my credit card. I can’t change my DNA. This wasn’t even for any medical reasons. 23andme is just a vanity service.

      • Buffaloaf@lemmy.world
        11 months ago

        And what of the money lost? Should the credit card company say “well you’re an idiot that gave sensitive information to some company, we’re not going to help you?” It’s still victim blaming.

        • Duamerthrax@lemmy.world
          11 months ago

          In reality, yes. If the data breach happened because users were reusing passwords, then they are partially at fault. If someone gets rear ended by a drunk driver and their injuries could have been limited by wearing a seatbelt, then yes. They are partially at fault for it. People who don’t wear their seatbelts are the same types that reuse passwords. They don’t think it will happen to them and take their luck up to that point for granted.

          • frezik@midwest.social
            11 months ago

            Even if they are partially at fault, the company tends to have more power to fix security problems than the customer does. That’s why we tend to put the onus on the company to fix these issues. It’s not really fair to put it on either one for something criminals did, but at least the company has more power to control things.

            In the case of credit cards, the US industry has implemented PCI compliance to force a level of security on all the individual companies. Now, I happen to think PCI is a flawed approach. Payment gateways in most other countries work something like PayPal or Google Wallet, where only the processing company ever sees payment data. The merchant only sees that the payment is verified and has the correct amount. However, US internet sites evolved where each individual merchant has to hold on to credit card data, and that necessitates PCI. Fortunately, PCI compliance is such a PITA that many companies are turning to payment gateways like everywhere else in the world.

            In the case of 23andme, they had a few broken passwords that then affected half their customer base through the relationship feature. Aside from dropping relationships, they also could have used MFA methods. My Steam account uses MFA, and it’s far less important than my DNA information.

    • spacesatan@lemm.ee
      11 months ago

      Bad analogy. The only people who had their information exposed are people who reused passwords and people who decided to make their info semi-public. It’s more like deciding to tell all your cousins and 2nd cousins your credit card info and one of them leaked it.

      • asret@lemmy.zip
        11 months ago

        And then trying to hold the card issuer liable rather than your cousin…