MyHeritage HACKED! 92 Million Users Have Identity Stolen in the Data Breach
Have you heard of MyHeritage? It's an online genealogy platform, which can help curious users their family history. Sounds fun, right? You could be related to some ancient king, you never know. What's the harm in trying it out?
Well, it appears the online ancestry-tracing website was recently hacked, which left the emails and passwords of over 92 million clients out in the open. What's worse, the MyHeritage's DNA database was also potentially affected and who knows what trouble that could lead to.
Omer Deutsch, MyHeritage's head of online security, said in a statement that he had been contacted by an independent security expert, who had discovered the leak information on another website. The file in question contained the details of every MyHeritage user since October 26, 2017.
"Immediately upon receipt of the file, MyHeritage's Information Security Team analyzed the file and began an investigation to determine how its contents were obtained and to identify any potential exploitation of the MyHeritage system," Deutsch said. "We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users," he added.
Deutsch insisted that t MyHeritage does not store their users' passwords. Instead, they store a hash, which is unique to each customer. So even though they have the hashes, the cybercriminals do not have access to MyHeritage users' real passwords.
Deutsch was quick to point out that no other information was found on the server, and that the thieves had no access to any other sensitive data.
"We have no reason to believe that any other MyHeritage systems were compromised. As an example, credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers," MyHeritage's chief of information security said. "Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised," Deutsch added.
Omer Deutsch also said that the online genealogy company had begun its own investigation into the breach, and also hired an independent cybersecurity company to figure out just how the breach happened and who the perpetrators were. And concerned MyHeritage users can contact Deutsch and his team at firstname.lastname@example.org or 001 888 672 2875.
He also recommended that all MyHeritage users change their passwords just in case.
When you're putting your DNA and your ancestry out there it's always a good idea to have the strongest possible passwords. Extra security measures are recommended as well, like two-factor authentication.