There are data breaches and then there are data breaches. Depending on the personal or sensitive information that is being leaked, data breaches can be true privacy nightmares.
This may have been the case for customers of MyHeritage, an Israeli-based genealogy and DNA testing service that almost exposed the details of 92 million accounts. Apparently, researchers found those records sitting on a server, as is evident from the announcement made by MyHeritage. Luckily, nothing malicious has happened, but there is most definitely a lesson to be learned.
MyHeritage Almost-Data-Breach Explained
Here is part of MyHeritage’s official announcement:
“Today, June 4, 2018 at approximately 1pm EST, MyHeritage’s Chief Information Security Officer received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage. Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords,” the announcement reads.
The sensitive data belongs to users who signed up to MyHeritage up to and including October 26, 2017, the date of the breach.
MyHeritage enables users to create family trees and search through historical records with the aim of unearthing their ancestry. As reported in January 2017, the company had gathered 35 million family trees on its official website.
What are the consequences of the MyHeritage incident?
According to the company, there is no reason to believe that the sensitive user data has been compromised in any way. Customer credit card information is processed by third parties like PayPal, and users’ DNA data is stored on systems other than those accommodating customers’ email addresses, MyHeritage claims.
Even though it appears that malicious actors haven’t had the chance to tamper with or access MyHeritage users’ accounts, the incident should serve as a reminder to both companies and users. Password hygiene is a crucial part of online security, as is the use of two-factor authentication (2FA) where possible.
Apparently, MyHeritage is planning to introduce 2FA to its users. So, if you are a user of this service or a similar service that deals with highly sensitive information, remember to maintain strong password hygiene and to enable 2FA.