MyHeritage has announced that a file was found online containing email addresses and hashed passwords, on a private server outside of their own site. The file was discovered by a security researcher who sent it to MyHeritage’s Chief Information Security Officer. Their security team then confirmed that the file’s contents originated from MyHeritage. It includes the email addresses of all users who signed up to MyHeritage up to October 2017, and their hashed passwords.
Steps MyHeritage has taken
Upon receiving the file, MyHeritage began investigating what caused the breach. They also began research to ensure there had been no exploitation of the MyHeritage system. No other data from MyHeritage has been found on the server where the file was located. Additionally, it appears that no data in the file was ever used by the perpetrators. There is no evidence that any MyHeritage accounts have been compromised.
MyHeritage also immediately engaged an independent cybersecurity firm, which is conducting a comprehensive forensic review to determine the scope of the intrusion. The firm will also be conducting an assessment and providing recommendations on steps that can be taken to help prevent such an incident from occurring in the future.
Due to the breach, MyHeritage will be expediting their work on an upcoming two-factor authentication feature. This will allow users to authenticate themselves using a mobile device in addition to a password, which will further strengthen MyHeritage accounts against illegitimate access.
Lastly, MyHeritage has set up a security customer support team to assist customers who have concerns or questions about the incident.
Your family tree, DNA and credit card info is safe
Credit card information is not stored on MyHeritage, but rather with trusted third-party billing providers such as PayPal. Other sensitive data such as family trees and DNA data are stored on segregated systems. This separates the data from the storage of the email addresses, and includes added layers of security. There is no reason to believe those systems have been compromised.
What MyHeritage members should do
If you have any questions or concerns about this incident, you can contact the MyHeritage security customer support team by email at firstname.lastname@example.org or by phone via the toll-free number 1-888-672-2875, available 24/7.
MyHeritage recommends that, for maximum safety, all registered users change their password on MyHeritage. Directions for doing this can be found here. Once MyHeritage releases the upcoming two-factor authentication feature, they recommend all users take advantage of it.