MyHeritage Genealogy Site Announces Mega Breach Affecting 92 Million Accounts
Family genealogy and DNA testing site MyHeritage announced on Monday a security breach during which an attacker made off with account details for over 92 million MyHeritage users. The incident came to light after a security researcher found an archive on a third-party server containing the personal details of 92,283,889 MyHeritage users. The archive contained only emails and hashed passwords, but not payment card details or DNA test results.
MyHeritage says it uses third-party payment processors for financial operations, meaning payment data was never stored on its systems, while DNA test results were saved on separate servers from the one that managed user accounts. Based on the creation dates of some accounts, the breach appears to have taken place on October 26, 2017. It is unclear if the breach is the result of a hacker attack or because of a malicious employee selling the company’s data.
MyHeritage says that user accounts are safe, as the passwords were hashed using a per-user unique cryptographic key.