- cross-posted to:
- technology@lemmy.world
There is a discussion on Hacker News, but feel free to comment here as well.
You aren’t hacked if your users have the same password on another platform that gets hacked.
Agree. At the same time I wonder whether the usual authentication system is adequate given a) the sensitive nature of the data and b) the data’s implications for people who have not signed up, e.g., if my cousin signs up and provides data, the data he provides is not really his but, in a way, also mine. So, I wonder how much data processing is really covered by my cousin’s consent, given that it is not really his data alone, and whether, given these circumstances, special provisions should have been provided by the processor.
(Personally I tend to believe that companies like 23&me should not exist in the first place, given that their operation requires processing of sensitive data from people who have not consented to the use of their data, i.e. processing of relational data should require consent of all related partners.)
This is the best summary I could come up with:
The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information might not be as secure as we think.
The 23andMe breach saw hackers gaining access to a whopping 6.9 million users’ personal information, including family trees, birth years and geographic locations.
Government overreach is certainly a possibility, as the FBI and every policing agency in the world is probably salivating at the thought of getting access to such a huge data set of DNA sequences.
This logic is equivalent to a bank saying, “It’s not our fault your money got stolen; you should have had a better lock on your front door.” It’s unacceptable and a gross abdication of responsibility.
The fact that the stolen data was advertised as a list of people with ancestries that have, in the past, been victims of systemic discrimination adds another disturbing layer to this debacle.
I’ve long argued that after the Equifax breach, the company should have received the corporate equivalent of the death penalty.
The original article contains 734 words, the summary contains 171 words. Saved 77%. I’m a bot and I’m open source!
Yeah, and then what? Rebrand and do it all over again?
Putting the company to death isn’t the same as putting the name of the company to death. You’re thinking of the latter. Actually putting a company to death would mean aggressively seizing and liquidating all assets, spending those funds on public interests as well as banning all the executives from ever working for a similar company as long as they live. Then new laws would be created to assure the exact same fate for any other company to follow in their footsteps. Will it ever happen? Probably not. But that’s how you kill a company.