Ancestry.com’s RootsWeb breach: 300,000 plaintext accounts leaked

Another day, another data breach. This time it is Ancestry.com, the United States-based genealogy company that operates a large network of genetic, historical and genealogical websites with over 2 million paying subscribers.

Ancestry and RootsWeb

One of Ancestry’s services is RootsWeb, an online community of forums, mailing lists and similar resources that helps people explore their family history. The bad news for RootsWeb users is that the community suffered a data breach in which the usernames, email addresses and passwords of 300,000 registered users were stolen and leaked online in clear text.

The data was discovered by Troy Hunt, founder of the data breach notification service Have I Been Pwned. Hunt analysed the leaked file and reported that the breach took place in 2015, yet Ancestry.com had been unaware of the incident until he notified the company. Ancestry has since confirmed the breach and published an in-depth blog post explaining what happened.

Ancestry’s acknowledgment

“As a result of that analysis, we determined that the file was legitimate, although the majority of the information was old. Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from the free trial or currently unused accounts. Additionally, we found that about 7,000 of those passwords and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally,” the blog post explained.

The plan

To tackle the situation, the company has taken RootsWeb offline and plans to bring it back with additional security measures so that user data remains secure. Those affected by the breach have already been informed and urged to change their passwords.

Furthermore, the accounts of the 55,000 customers who used the same credentials on RootsWeb’s surname list and on Ancestry have been locked; those users will be required to create a new password on their next login.
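The two steps Ancestry describes above, matching a plaintext dump against its own customer base and then locking every account whose leaked password still works, are what any operator should do when a leak like this surfaces. The script below is an added example, not Ancestry’s code or any real RootsWeb data: the dump lines and the demo user base are constructed, the user store holds salted PBKDF2 hashes (chosen only because it is in Python’s standard library; bcrypt or Argon2 are the usual production choice), and the helper names are my own. It shows the details that matter in practice: normalising email case, splitting each line on the first colon only because passwords may contain colons, verifying with a constant-time comparison, and separating active customers from unused accounts the way the statement does.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

ITERATIONS = 50_000  # assumed PBKDF2 work factor for this demo store only

# Constructed sample dump in the email:password form seen on hacking forums.
# Every entry is made up; none comes from the real RootsWeb file.
LEAKED_DUMP = """\
alice@example.com:correct horse battery staple
Bob@Example.com:hunter2
carol@example.com:Tr0ub4dor&3
dave@example.com:let:me:in
this line has no separator
"""

# Constructed demo user base: email -> (current password, is active customer).
# Only salted hashes of these passwords are kept in the store built below.
DEMO_USERS = {
    "alice@example.com": ("correct horse battery staple", True),   # reused, active
    "bob@example.com":   ("a-different-password",          True),   # already changed
    "carol@example.com": ("Tr0ub4dor&3",                   False),  # reused, free trial
    # dave is not a customer at all
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (demo choice; production would use bcrypt/Argon2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def build_store(users: Dict[str, Tuple[str, bool]]) -> Dict[str, dict]:
    """Turn the demo user base into a store that never holds plaintext."""
    store = {}
    for email, (password, active) in users.items():
        salt = os.urandom(16)
        store[email.lower()] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "active": active,
            "must_reset": False,
        }
    return store


def parse_dump(text: str) -> List[Tuple[str, str]]:
    """Split each line on the FIRST ':' only (passwords may contain ':'); skip junk lines."""
    creds = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        email = email.strip().lower()
        if email and password:
            creds.append((email, password))
    return creds


def find_reused(creds: List[Tuple[str, str]], store: Dict[str, dict]) -> List[str]:
    """Emails whose leaked password still verifies against the current stored hash."""
    hits = []
    for email, leaked_pw in creds:
        rec = store.get(email)
        if rec is None:
            continue  # not our customer; nothing to lock
        candidate = hash_password(leaked_pw, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
            hits.append(email)
    return hits


def lock_for_reset(store: Dict[str, dict], emails: List[str]) -> int:
    """Flag matched accounts so the next login forces a new password."""
    for email in emails:
        store[email]["must_reset"] = True
    return len(emails)


def run_demo() -> dict:
    store = build_store(DEMO_USERS)
    creds = parse_dump(LEAKED_DUMP)
    reused = find_reused(creds, store)
    locked = lock_for_reset(store, reused)
    return {
        "dump_entries": len(creds),
        "reused": reused,
        "active_reused": sum(1 for e in reused if store[e]["active"]),
        "locked": locked,
        "bob_locked": store["bob@example.com"]["must_reset"],
    }


if __name__ == "__main__":
    print(run_demo())
```

Note that the dump must be handled as toxic material while this runs: load it from a read-only location, do not log the plaintext passwords, and delete the working copy once the affected accounts are flagged. Only the leaked passwords are ever hashed; the store’s own passwords never exist in plaintext anywhere in the process.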

RootsWeb data available for download

On December 4th, 2017, the RootsWeb data was posted on a hacking forum for anyone to download; it contained email addresses and their plaintext passwords. The data is still available on that forum, which means customers should change their passwords without further delay, on RootsWeb and on any other site where they reused the same password.

Screenshot from the data available on a hacking forum

A look at the data indicates that the hackers took it from the following domain:

rsl.rootsweb.ancestry.com

Not for the first time

This is not the first time Ancestry has come under cyber attack. In June 2014, the company said its servers went down under a series of distributed denial-of-service (DDoS) attacks; however, no customer data was stolen in that incident.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.