@dplattsf @thomasfuchs @pjohanneson "well within the norm" is not a security standard. that's not what users signed up for and if it were plainly stated no one would ever reveal identifying data to these people, let alone their genome.
How are you not getting why this is a significant breach?
Data brokers have no "do not buy list". They will get any info from any source that's available.
"didn't get their systems breached" is not a statement i would make if 14,000 user accounts were compromised, which later led to disclosing the data of 50% of your users.
you know the first thing the attackers did was release a million lines of user data, right? for free, right away, and all of those users were jewish
can you see how this data could be misused now?
@dko @dplattsf @thomasfuchs @pjohanneson
I work in this field.
It was a credential stuffing attack. Google that. There wasn't much they could have done about it.
However, Everything they've done after the fact has revealed them to be the shitty corporation that most corporations eventually reveal themselves to be.
It's a breach, but not like a breach where there were default creds exposed on the internet (equifax) or some idiot (LastPass).