MyHeritage data breach exposes info of more than 92 million users

MyHeritage DNA testing and family tree website investigating email and password breach, resetting all user passwords.

Image

If you use MyHeritage for testing your DNA and tracking your ancestry, you may need to change your password. That's the company's guidance following a data breach that exposed email addresses and encrypted passwords for more than 92 million users.

What happened in the MyHeritage breach

MyHeritage said a security researcher notified the company on June 4, 2018, of a file found on a private server outside of the company. After analyzing the file, a MyHeritage security team determined that its contents originated from the company and included the email addresses and hashed passwords of 92,283,889 users.

MyHeritage said the information exposed involved users who had signed up for the service through October 26, 2017, the date of the breach.

The security researcher reported finding no other data related to the company on the server where the file was found. And MyHeritage says there's been no evidence that the perpetrators have used the data in the file.

MyHeritage said it has no reason to believe that the breach compromised any of its other systems. The company notes that it stores information such as family trees and DNA data on segregated systems - separate from those that store the email addresses - that include added layers of security. The company also says it doesn't store credit card information.

MyHeritage reports it's further investigating the breach and engaging an independent cyber security company to assist. That firm will help determine the scope of the intrusion and recommend steps to help prevent such incidents.
 

What MyHeritage users should do now

If you use MyHeritage, the company recommends that you change your password. Instructions are available on the company's help center. The company says it is also expiring all user passwords on its site, a process that will take a few days. This includes user accounts affected by the breach, as well as the four million additional accounts added since October 26, 2017.

Users who have questions can also contact the company's customer support team via email at privacy@myheritage.com or by phone via the toll-free number (USA) +1 888 672 2875, available around the clock.

The company says that its other websites and services, such as Geni.com and Legacy Family Tree, were not affected by the incident.

This breach is a reminder that different organizations with whom you do business store your information in many different places that are beyond your control. As a result, you should always be mindful of security. Use unique passwords on each of your accounts - and make sure they're strong.

It also makes sense to monitor the news for reports of data breaches and other cyber security incidents that may affect your personal information. You may also want to consider an identity theft protection service, such as Norton with LifeLock, that helps protect you against identity theft and works to restore your identity if you become a victim.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.