by kseifried
878 days ago
We covered this on the open source podcast last week. https://opensourcesecurity.io/2024/01/21/episode-412-blame-t... TLDR there is a LOT 23andme could've done to prevent this. Around the same time BrickLink had a similar incident, but handled it perfectly. There is a lot that these vendors can do to protect people, even if their password and username are exposed. Things like requiring email confirmation if you're logging in from a new IP address. Things like using the haveibeenpwned database to ensure people use good passwords. When I reset my password at 23andme, it allowed me to use passwords like Password1234567. 23andme continues to disappoint.
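The haveibeenpwned check the comment recommends, written out as an added example (not the commenter's code) of how a signup or reset flow can reject a known-breached password without ever sending the password itself: only the first five hex characters of its SHA-1 go to the k-anonymity range API (`/range/{prefix}`, with the `Add-Padding` header the API supports), and matching happens locally. The breached-password list used offline here is constructed for the demo; the assumed policy of "at least 12 characters and never seen in a breach" is one reasonable choice, not a standard.

```python
import hashlib
import urllib.request
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the HIBP password range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range_live(prefix: str) -> str:
    """Fetch one range from HIBP (network). Only the 5-char prefix leaves the host."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch_range: Callable[[str], str] = fetch_range_live) -> int:
    """How many times `password` appears in the breach corpus (0 = not seen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if ":" not in line:
            continue
        cand, count = line.strip().split(":", 1)
        if cand.upper() == suffix:
            return int(count)  # padding lines carry count 0, so they never flag a password
    return 0


def password_acceptable(password: str, fetch_range: Callable[[str], str] = fetch_range_live,
                        min_len: int = 12) -> tuple[bool, str]:
    """Policy gate for a signup/reset form: length floor plus breach-corpus rejection."""
    if len(password) < min_len:
        return False, "too short"
    n = breach_count(password, fetch_range)
    if n > 0:
        return False, f"seen {n} times in known breaches"
    return True, "ok"


# Constructed offline stand-in for the API: passwords we pretend are breached, with counts.
CONSTRUCTED_BREACHED = {"Password1234567": 31337, "password": 9000000}


def constructed_fetch_range(prefix: str) -> str:
    """Build a range body in the real SUFFIX:COUNT format from the constructed corpus."""
    lines = [f"{sha1_hex(pw)[5:]}:{count}" for pw, count in CONSTRUCTED_BREACHED.items()
             if sha1_hex(pw)[:5] == prefix]
    lines.append("0" * 35 + ":0")  # one padding line, as the API emits with Add-Padding
    return "\r\n".join(lines)
```

Swap `constructed_fetch_range` for the default `fetch_range_live` to query the real service.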