Hack of DNA Website Exposes Data From 92 Million Accounts

Hack of DNA Website Exposes Data From 92 Million Accounts

Emails and hashed passwords of users who registered for the service, up to and including October 26, 2017 - the date of the breach, were found on a private server, the company confirmed Monday. The company determined the file was legitimate and contained the information of 92,283,889 users who had created an account up to the breach date.

Deutsch said that the site learned of the breach only yesterday after an unnamed security researcher contacted the company.

The breach took place on October 26 previous year, and consisted of the email addresses and hashed passwords of users who signed up to the website up to the date of the breach, according to the blog post.

A security breach at family networking and genealogy website MyHeritage leaked the data of over 92 million users, the company said in a blog posted on Monday. "This means that anyone gaining access to the hashed passwords does not have the actual passwords", the company wrote.

"We believe the intrusion is limited to the user email addresses", MyHeritage added.

The email addresses are valuable though, and such a huge list would be a handy starting point for criminals to launch a phishing campaign.

World’s Biggest Wealth Fund Backed Motion to Split Musk’s Roles at Tesla
A battery factory in China, in addition to expanding production, could allow Tesla to avoid import tariffs there. He acknowledged this was a counterintuitive prediction after Tesla's trying experiences over the past year .

Immediately upon learning about the incident, we set up an Information Security Incident Response Team to investigate the incident.

The post went on to explain that the company does not store user passwords, only a one-way hash of each password, and the hash key, known as salt, differs for each user.

MyHeritage - a website that helps people research their family tree and also offers a DNA testing service - has suffered a "cybersecurity incident".

DNA databases have come under closer scrutiny as more online companies commoditize the service, offering genetic sequencing at low prices and warehouse the data. Popularized by companies such as 23andMe and Ancestry.com, the testing and analysis of ancestry data has also raised questions in recent weeks over the potential misuse of such sensitive information.

"I would rather give someone my DNA than my social security number, my search history, or my credit card", she said.

"If you do choose to provide genetic data to an organisation, it's vital to enable the maximum security settings, turning on features such as two factor authentication once available, and check what you are "agreeing" to when sharing it, as you may be unwittingly giving access - or even consent - to share this data more widely than is needed, even to other third party organisations".

Related Articles