Hope this isn’t a repeated submission. Funny how they’re trying to deflect blame after they tried to change the EULA post breach.

  • sudneo@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    It doesn’t matter. It is a known attack and the company should have implemented measures against it.

    At the very least, they should have made a threat modeling exercise and concluded that with this sharing feature, the compromise of a single account can lead to compromise of data for other users. One possible conclusion is that users who shared data should be forced to have 2fa.