MyHeritage, an Israeli DNA and genealogy website, has suffered a massive data breach in which the email addresses and hashed passwords of 92 million users (92,283,889) who signed up to the service up to October 26, 2017, were stolen.
The compromised MyHeritage data was discovered by a security researcher on a private server outside of MyHeritage. The researcher reported the incident to the company, which, after an in-depth analysis, acknowledged the breach and published an official statement on June 4, 2018.
It is unclear who is behind the breach or how the data was stolen from MyHeritage’s server without leaving any trace. The stolen data contains information on customers up to Oct. 26. In the company’s official blog post, MyHeritage Chief Information Security Officer Omer Deutsch wrote:
“We believe the intrusion is limited to the user email addresses,” Deutsch added. “Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security.”
The company has no indication that its systems were compromised, which means sensitive data, including users’ card information, DNA and family tree data, is safe, since all of it is stored on separate third-party servers.
Moreover, there is no indication that the compromised data was ever used for malicious purposes. However, MyHeritage has hired a cybersecurity firm to investigate the incident further. Additionally, the company plans to introduce a two-factor authentication feature to avoid such intrusions from this point forward.
The company is also urging users to change their passwords and avoid using the same password for multiple services or websites.
However, this is not the first time that a DNA testing service has suffered a data breach. In December 2017, DNA testing and genealogy company Ancestry.com was hacked, which allowed hackers to steal the usernames, email addresses, and plaintext passwords of 300,000 registered users.