Data from 92 million accounts stolen from DNA testing site MyHeritage


The security breach, discovered by a researcher, includes all the email addresses of MyHeritage users who signed up through October 26, 2017. The website now has 96 million users from around the world, 1.4 million of whom have taken the DNA test. Between Oct 26, 2017 (the date of the breach) and the present, we have not seen any activity indicating that any MyHeritage accounts had been compromised. A hacker able to decrypt the hashed passwords exposed in the breach could access the personal information available when logging in to someone's account, such as the identity of family members. While passwords were part of the compromised file, each was hashed using an algorithm that renders them useless in the event of the breach.

Hashing passwords is a one-way process that allows sensitive data to be stored easily, and although there are theoretically ways to reverse hashing, they involve enormous amounts of computing power and quite a bit of luck.

In an announcement, the company revealed that its Chief Information Security Officer received a message from a security researcher on June 4 saying that he had discovered a file named myheritage on a server outside of the company. Each hash key, which could be used to revert the hashed passwords, differs for each user. In 2012 and 2016 nearly 200 million LinkedIn user passwords went on sale following a 2012 breach, despite the fact that the service hashed its passwords.
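The Python example below is added here and is not MyHeritage's code; the article does not name the algorithm used, so PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are all assumptions. It shows why a per-user value matters when a hashed password file leaks: with a random salt per account, two users who chose the same password get different stored hashes, while a single unsalted hash stores them identically.

```python
import hashlib
import hmac
import os

# Assumptions: the article does not name MyHeritage's algorithm or settings.
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

# Constructed sample accounts; two users deliberately share a password.
SAMPLE_USERS = {
    "alice@example.com": "Tr33-of-Life!",
    "bob@example.com": "Tr33-of-Life!",
    "carol@example.com": "gen3alogy#42",
}

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def salted_table(users):
    """What the server stores: (salt, digest) per account, never the password."""
    return {email: hash_password(pw) for email, pw in users.items()}

def unsalted_table(users):
    """Contrast case: one fast hash with no per-user value."""
    return {email: (b"", hashlib.sha256(pw.encode("utf-8")).digest())
            for email, pw in users.items()}

def shared_digest_groups(table):
    """Groups of accounts whose stored digests are identical."""
    groups = {}
    for email, (_salt, digest) in table.items():
        groups.setdefault(digest, []).append(email)
    return [sorted(g) for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    print("salted:  ", shared_digest_groups(salted_table(SAMPLE_USERS)))
    print("unsalted:", shared_digest_groups(unsalted_table(SAMPLE_USERS)))
```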

Researchers at the University of Washington encoded a strand of DNA to contain malware, which allowed them to take remote control of a computer that was being used to process genetic data. The company said that it does not store customer credit card information.


MyHeritage has set up a 24/7 support team to assist customers affected by the breach.

Deutsch added in a follow-up post published today that "from the moment this became known to us we have been working literally around the clock, taking additional steps to help protect our users". Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. The company said it's also speeding up its work to roll out two-factor authentication for users.

The company said it immediately launched an internal investigation after learning of the possible intrusion, and has also hired a cybersecurity firm to conduct forensic analysis to determine the scope of the breach.