MyHeritage admits 92 million user email addresses were leaked

MyHeritage breach exposes 92M emails and hashed passwords

MyHeritage is an Israel-based ancestry platform where users can create family trees and search through familial and historical records.

A security researcher found, on a private server, the email addresses and hashed passwords of every customer who signed up for the service before October 26 of last year.

DNA databases have come under closer scrutiny as more online companies commoditize the service, offering genetic sequencing at low prices and warehousing the data.

"There has been no evidence that the data in the file was ever used by the perpetrators", the company said in a statement late Monday.

Other types of sensitive data, such as family trees and DNA information, are stored on a segregated system that includes added layers of security not present on those storing the email addresses, according to the company.

Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.

For the millions of people whose email addresses were stored on the private server, the impact should be minimal, MyHeritage said in a blog post reporting the incident.

The emails are not fundamentally revealing data; billions have been exposed over the years through the likes of the Equifax and Yahoo breaches. Last month, news that investigators tracked down their suspect in the case of the Golden State Killer sparked worry about the privacy of genetic data shared with commercial sites such as MyHeritage. That's why it's good to use a password manager and have unique passwords for every site.

"We believe the intrusion is limited to the user email addresses", Deutsch wrote.

Researchers at the University of Washington encoded a strand of DNA to contain malware, which allowed them to take remote control of a computer that was being used to process genetic data.

"We have no reason to believe that any other MyHeritage systems were compromised". That does not tend to allay consumer anxiety, experts say.

MyHeritage stated that it does not store user passwords but rather a one-way hash of each password, with an individual key for each customer.

MyHeritage said it will hire an independent cybersecurity firm to help probe the breach and provide recommendations about how to prevent security lapses going forward.

The genealogy and DNA testing service company said it would be implementing two-factor authentication features for user accounts as well.