Hack of DNA website exposes data from 92 million user accounts
With the information exposed in the breach, a hacker could access personal info such as the identity of family members.
(Bloomberg) – Consumer genealogy website MyHeritage said that email addresses and password information linked to more than 92 million user accounts have been compromised in an apparent hacking incident.
MyHeritage said that its security officer had received a message from a researcher who unearthed a file named “myheritage” containing email addresses and hashed passwords of 92,283,889 of its users on a private server outside the company.
No evidence data ever used
“There has been no evidence that the data in the file was ever used by the perpetrators,” the company said in a statement late Monday.
MyHeritage lets users build family trees, search historical records and hunt for potential relatives. Founded in Israel in 2003, the site launched a service called MyHeritage DNA in 2016 that, like competitors Ancestry.com and 23andMe, lets users send in a saliva sample for genetic analysis. The website currently has 96 million users; 1.4 million users have taken the DNA test.
According to MyHeritage, the breach took place on Oct. 26, 2017, and affects users who signed up for an account through that date. With the information exposed in the breach, a hacker could access personal information such as the identity of family members.
It’s unlikely that a hacker could easily access a user’s raw genetic information, since a step in the download process included email confirmation. The hack didn’t expose actual passwords, only a hash of each password, and each customer’s hash requires a different key to access.
Plans to hire independent cybersecurity firm to investigate
The company has set up a 24/7 support team to assist customers affected by the breach. It plans to hire an independent cybersecurity firm to investigate the incident and potentially beef up security. In the meantime, users are advised to change their passwords.
Privacy concerns about shared DNA data have surged
As consumer DNA testing has grown into a $99 million industry, questions about the security of users’ intimate data have increased as well. After investigators tracked down a suspect in the Golden State Killer case using a genealogy website that, like MyHeritage, allows users to upload raw genetic information, privacy concerns about shared DNA data have also surged.