They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
From a PSA stand point, 23andMe makes a really good point here.
From a Legal / Responsible Data Custodian perspective, it’s the same collective responsibility bullshit that the oil industry likes to shit out about climate change.
While it’s not the point 23andMe wants to make here, it is an absolutely horrible idea to allow a company to access, catalog and sell your DNA information. Shame they didn’t touch on that point.
Yeah, users have some of the blame, but 23andme shares responsibility by not having basic detection of bad actors. Some things that come to mind are rate limits, alarms on strange user login behavior, watching for mass logins from an unexpected region, excessive bad password attempts across a large number of users.
