Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post-breach.

  • KairuByte@lemmy.dbzer0.com
    11 months ago

    So… we are ignoring the 6+ million users who had nothing to do with the 14 thousand users, because convenience?

    Not to mention, the use of “brute force” there insinuates that the site should have had password requirements in place.

    • capital@lemmy.world
      11 months ago

      Please excuse the rehash from another of my comments:

      How do you people want options on websites to work?

      These people opted into information sharing.

      When I set a setting on a website, device, or service I damn sure want the setting to stick. What else would you want? Force users to set the setting every time they log in? Every day?

      • KairuByte@lemmy.dbzer0.com
        11 months ago

        I admit, I’ve not used the site so I don’t know the answers to the questions I would need, in order to properly respond:

        • Were these opt-in or opt-out?
        • Were the risks made clear?
        • Were the options fine-tuned enough that you could share some info, but not all?

        From the sounds of it, I doubt enough was done by the company to ensure people were aware of the risks, because so many people were shocked by what was able to be skimmed.

    • platypus_plumba@lemmy.world
      11 months ago

      It was credential stuffing. Basically these people were hacked in other services. Those services probably told them “Hey, you need to change your password because our database was hacked” and then they were like “meh, I’ll keep using this password and won’t update my other services that have this password and personally identifiable information about myself and my relatives”.

      Both are at fault, but the users reusing passwords with no MFA are dumb as fuck.
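
The thread uses both "brute force" and "credential stuffing"; the two look different in authentication logs, and a site can tell them apart. The following is an added example, not part of any comment above and not code from the company discussed: the log format (`ip username result`), the thresholds, and the sample lines are all constructed assumptions, and grouping by source IP is a simplification since real campaigns are often spread across many addresses.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed log lines in the assumed form 'ip username result'."""
    lines = []
    # One attempt each against 8 accounts; 2 succeed (reused passwords).
    for i in range(8):
        result = "OK" if i in (2, 5) else "FAIL"
        lines.append(f"203.0.113.7 user{i}@example.com {result}")
    # 12 guesses against a single account.
    lines += ["198.51.100.9 victim@example.com FAIL"] * 12
    # Ordinary user who mistypes once, then logs in.
    lines += ["192.0.2.4 carol@example.com FAIL", "192.0.2.4 carol@example.com OK"]
    return lines

def classify_sources(lines, min_accounts=5, max_per_account=2, min_guesses=10):
    """Label each source IP by the shape of its login attempts."""
    attempts = defaultdict(lambda: defaultdict(list))  # ip -> user -> results
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ip, user, result = parts
        attempts[ip][user.lower()].append(result)
    report = {}
    for ip, users in attempts.items():
        per_account = [len(results) for results in users.values()]
        if len(users) >= min_accounts and max(per_account) <= max_per_account:
            label = "credential_stuffing"  # wide and shallow: many accounts, 1-2 tries each
        elif max(per_account) >= min_guesses:
            label = "brute_force"          # narrow and deep: many guesses at one account
        else:
            label = "normal"
        hits = sorted(u for u, results in users.items() if "OK" in results)
        report[ip] = {"label": label, "successful_accounts": hits}
    return report

def accounts_to_reset(report):
    """Accounts that logged in successfully from a stuffing source."""
    return sorted(u for info in report.values()
                  if info["label"] == "credential_stuffing"
                  for u in info["successful_accounts"])

if __name__ == "__main__":
    report = classify_sources(build_sample_log())
    for ip, info in report.items():
        print(ip, info["label"], info["successful_accounts"])
    print("force reset:", accounts_to_reset(report))
```

Password complexity rules and per-account lockouts only address the narrow-and-deep pattern; the wide-and-shallow pattern is what MFA and breached-password checks at login are for.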