this post was submitted on 03 Jan 2024
827 points (94.1% liked)

Technology

59689 readers
2455 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 29 points 11 months ago (2 children)

So… we are ignoring the 6+ million users who had nothing to do with the 14 thousand users, because convenience?

Not to mention, the use of “brute force” there insinuates that the site should have had password requirements in place.

[–] [email protected] 14 points 11 months ago (1 children)

Please excuse the rehash from another of my comments:

How do you people want options on websites to work?

These people opted into information sharing.

When I set a setting on a website, device, or service I damn sure want the setting to stick. What else would you want? Force users to set the setting every time they log in? Every day?

[–] [email protected] 0 points 11 months ago (1 children)

I admit, I’ve not used the site so I don’t know the answers to the questions I would need, in order to properly respond:

  • Were these opt-in or opt-out?
  • Were the risks made clear?
  • Were the options fine tuned enough that you could share some info, but not all?

From the sounds of it, I doubt enough was done by the company to ensure people were aware of the risks. Because so many people were shocked by what was able to be skimmed.

[–] [email protected] 0 points 11 months ago

I’m convinced that everyone pissed at the company for users reusing passwords has a reading comprehension problem because I definitely already answered your first question in the comment you responded to.

I haven’t used the service either - I don’t want more of my data out there. So I can’t answer the other questions.

Users were probably not thinking about the implications of a breach after sharing but it stands to reason that if you share data with an account, and that account gets compromised, your data is compromised.

We’ve all been through several of those from actual hacks at other companies (looking at you, T-Mobile). I refuse to believe people aren’t aware of this general issue by now.

[–] [email protected] 9 points 11 months ago* (last edited 11 months ago)

It was credential stuffing. Basically these people were hacked in other services. Those services probably told them "Hey, you need to change your password because our database was hacked" and then they were like "meh, I'll keep using this password and won't update my other services that this password and personally identifiable information about myself and my relatives".

Both are at fault, but the users reusing passwords with no MFA are dumb as fuck.