Ancestry Takes Action After RootsWeb Server Breach



Ancestry.com alerted its users that a data breach occurred on a specific RootsWeb server. The information received by Ancestry’s Information Security Team came from a security researcher who said he found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server.

Ancestry.com pointed out that the file found by the security researcher contained information related to users of RootsWeb’s surname list information, which is a service that Ancestry retired earlier in 2017. RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000.

Ancestry also pointed out that RootsWeb does not host sensitive information like credit card numbers or social security numbers. RootsWeb is not supported by the same infrastructure as Ancestry’s other brands. Ancestry confirmed that a very small number of accounts (less than 1% of their total customer group) used the same account credentials on both RootsWeb and an Ancestry commercial site. Ancestry is in the process of contacting those customers.

Ancestry also explained what they are doing about this situation. “First, for the approximately 55,000 customers who used the same credentials at RootsWeb’s surname list and Ancestry – whether currently active or not – we have locked their Ancestry accounts and will require that they create a new password the next time they visit.” It also clarified: “If you have not received an email or a notice requiring you to change your password, you have not been affected.”

In addition, Ancestry has made RootsWeb unavailable while Ancestry is in the process of improving the site. Information on RootsWeb says that Ancestry is “working to preserve all data on RootsWeb, and hope to have an update within a few weeks.”

The majority of Ancestry customers were not affected by this data breach. As such, most users do not need to do anything differently than they have before. That being said, Ancestry recommends that all users take the time to evaluate their own security settings. They advise that you should never use the same username and password for multiple sites or services. It is also a good idea to use longer passwords and change them often.

Related Articles at FamilyTree.com:

* Using RootsWeb.com

* Message Boards at RootsWeb

* RootsWeb WorldConnect

< Return To Blog

Leave a Reply

Your email address will not be published.