MyHeritage had a Data Breach

MyHeritage posted a very important blog post titled “MyHeritage Statement About a Cybersecurity Incident”. Genealogists and family historians who have an account at MyHeritage should take the time to read it.

The post provides details about what happened and what steps MyHeritage has taken since learning about the incident. MyHeritage started the post with:

“Today, June 4, 2018, at approximately 1pm EST, MyHeritage’s Chief Information Security Officer received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage. Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.”

In short, MyHeritage’s Information Security Team analyzed the file and started an investigation. They determined the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including October 26, 2017 (which is the date of the data breach).

MyHeritage says that it does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. According to MyHeritage, this means that anyone gaining access to the hashed passwords does not have the actual passwords.

The security researcher reported that no other data related to MyHeritage was found on the private server. MyHeritage says there is no evidence that the data in the file was ever used by the perpetrators, and that the company hasn’t seen any activity indicating that any MyHeritage accounts had been compromised.

MyHeritage believes that the intrusion is limited to the user email addresses. Credit card information is not stored on MyHeritage (it is stored with trusted third-party billing providers).

MyHeritage says: “Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security.” MyHeritage does not believe those systems have been compromised.

If you are a MyHeritage user and have concerns about this data breach, you can find information about where to contact MyHeritage in their blog post. MyHeritage recommends that users change their password on MyHeritage. They recommend you create a new, stronger password. MyHeritage has released two-factor authentication for logging in to MyHeritage.
