MyHeritage Discloses Data Breach

MyHeritage, the online genealogy and DNA testing site, has announced that it has recently become aware of a breach on its site. More than 92 million user accounts were affected, but relatively few personal details appear to have been leaked from those accounts.

By kubicka / Shutterstock.com

According to MyHeritage’s statement, the site became aware of the breach on Monday after a security researched tipped the site off to a file on a private server named “myheritage.” The file contained email addresses and hashed passwords, and the breach affected 92,283,889 users, all of those who signed up for MyHeritage up to and including Oct 26, 2017 — the date of the breach.

MyHeritage points out that it only saves one-way hashes of passwords, not the passwords themselves. The hash key differs for each password, the site says. So essentially, anyone who gained access to the breached file only had the list of email addresses.

Email Only?

The site claims there’s no evidence the data was ever used, and also says, “We believe the intrusion is limited to the user email addresses. We have no reason to believe that any other MyHeritage systems were compromised.”

This includes financial data — which MyHeritage doesn’t store on its site, instead relying on third-party billing companies. Nor was any DNA information included in the breach. That data, MyHeritage says, is kept on different systems, behind “added layers of security.”

[Need to make a password change? Check out our roundup of The Best Password Managers.]

MyHeritage is, as you might have expected, investigating the breach using an independent cybersecurity firm. The site also claims it will now be “expediting” work on its own two-factor authentication sign-in system to add more security in the future.

MyHeritage is recommending all registered users change their passwords, for “maximum security.” If you were using your MyHeritage password for other sites, we’d recommend changing your passwords there, as well.

H/T The Verge

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews