DNA testing service reveals 92 million user accounts have been breached
Emails and hashed passwords of users who registered for the service up to and including October 26, 2017, the date of the breach, were found on a private server, the company confirmed Monday.
The incident was brought to the ancestry site’s attention by a security researcher who came across the file named ‘myheritage’ on a private server outside of MyHeritage.
Upon analysis of the file, the company confirmed it was legitimate and included the email addresses and hashed passwords of 92,283,889 users.
MyHeritage is an Israel-based ancestry platform where users can create family trees and search through familial and historical records. It has some 35 million family trees on its website, according to a report from Israeli media last year.
The company reassured customers that anyone who has access to the hashed passwords does not have the actual passwords. Password hashes are cryptographic representations of passwords, meaning companies don’t have to store the actual passwords themselves.
The security researcher reported that no other data related to MyHeritage was found on the private server. “There has been no evidence that the data in the file was ever used by the perpetrators,” the statement said, adding that there is no reason to believe any other systems were compromised.
According to the genealogy platform, credit card information is stored by third-party billing providers, while sensitive data, such as family trees and DNA data, is stored on segregated systems, which include added layers of security.
A response team has since been set up to investigate the incident, and plans are in place to enable two-factor authentication for all customers in the near future.