Account data of 92 million MyHeritage users leaked


MyHeritage announced that the e-mail addresses and password information associated with 92 million of the company’s accounts had been stolen by hackers. MyHeritage said that its security administrator received a message from a researcher who had found a file named “MyHeritage” on a private server outside the company, containing the e-mail addresses and hashed passwords of 92,283,889 MyHeritage accounts.

MyHeritage allows users to build their genealogy, search historical records and find potential relatives. The company was founded in Israel in 2003 and launched MyHeritage DNA in 2016. Users simply send a saliva sample for genetic testing. The site currently has 96 million users, of which 1.4 million have been genetically tested.

According to MyHeritage, the breach occurred on October 26, 2017, and the affected users are those who registered up to that day. The company also stated that it does not store user passwords themselves. Each password is stored only as a one-way hash, and the hash key differs for each user.

The company’s statement reads: “Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.”

However, in previous breaches, hashing schemes of this kind have been cracked to recover the original passwords. If that happens here, the hackers could log in to user accounts and obtain personal information, including the identities of family members. Even if a hacker can enter a user account, though, it is unlikely that the original genetic information will be easily accessible, because downloading that content requires an additional confirmation.

In its statement, the company emphasized that DNA data is stored on “isolated systems, separate from the system that holds the e-mail, and contains an extra layer of security.”

MyHeritage has formed a 24/7 support team to help the affected users. The company also plans to hire an independent network security company to investigate the matter and possibly strengthen security measures. At the same time, they also advise users to change their passwords.
