MyHeritage DNA testing service says breach affected 92M users' data

Adjust Comment Print

In a blog post, MyHeritage said the email addresses seemed to be the only tangible data the hackers accessed.

"Today, June 4, 2018 at approximately 1 p.m. EST, MyHeritage's chief information security officer received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage", the statement reads.

Other types of sensitive data, such as family trees and DNA information, are stored on a segregated system that includes added layers of security not present on those storing the email addresses, according to the company.

Israel-headquartered MyHeritage enables users to create family trees by searching through historical documents such as census, immigration, marriage and burial records in 42 languages.

More news: Trudeau tells premiers U.S. tariffs 'unacceptable' as Trump's G7 looms

The emails are not fundamentally revealing data; billions have been exposed over the years through the likes of the Equifax and Yahoo breaches.

MyHeritage has assured that no payment information or DNA data is at risk. If you used the same password on a different site, you'll want to change that as well, and to something different from the MyHeritage one. Last year, 23andMe CEO Anne Wojcicki told Recode that the company keeps genetic information "totally separate" from information that could be used to identify a user, such as email addresses.

Renderings of DNA strands.

He said: "We have no reason to believe that any other MyHeritage systems were compromised".

More news: Does the Law Apply to Donald Trump?

"When you put DNA and privacy together in a sentence, understandably and correctly, it makes people nervous", said Laura Hercher, a professor at Sarah Lawrence College who teaches about genetics and ethics.

The company said the breach affected all accounts up to and including to October 26, 2017.

"I would rather give someone my DNA than my social security number, my search history, or my credit card", she said. Since the date of the breach, MyHeritage said, "we have not seen any activity indicating that any MyHeritage accounts had been compromised".

The post went on to explain that the company does not store user passwords, only a one-way hash of each password, and the hash key, known as salt, differs for each user. After Deutsch was alerted, the company said its security team analyzed the file sent from the researcher and confirmed that its contents were legitimate and that the data originated from MyHeritage.

More news: Search continues as Guatemala toll rises to 72