They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.
Yeah, users have some of the blame, but 23andme shares responsibility by not having basic detection of bad actors. Some things that come to mind are rate limits, alarms on strange user login behavior, watching for mass logins from an unexpected region, excessive bad password attempts across a large number of users.