92 million accounts at DNA testing service MyHeritage have been hacked

DNA testing service MyHeritage said that a third-party security researcher discovered a file on a private server outside MyHeritage’s network that contained email addresses and hashed passwords of everyone who signed up for the service before and on the day of the breach: October 26, 2017. After receiving said file, the company’s Information Security Team verified the content and began an investigation into how someone obtained the information of more than 92 million individuals. 

“MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer,” the company says. “This means that anyone gaining access to the hashed passwords does not have the actual passwords.” 

That could be why MyHeritage didn’t find any unusual activity associated with the compromised accounts after the October 2017 breach. The file containing the data simply sat on the external web server untouched by whoever retrieved the data from MyHeritage’s database. With only the email addresses on hand, the perpetrator(s) likely couldn’t break into any accounts. 

According to MyHeritage, no other information could be obtained by the individual or party responsible for the breach. All payment information resides on third-party services such as PayPal and BlueSnap while family trees and DNA data are stored on a completely separate network and database. So far, there is no evidence that the hacker(s) infiltrated those systems too. 

In addition to forming an internal Information Security Incident Response Team to investigate the breach, MyHeritage also turned to an independent cybersecurity firm for help in determining the extent of the breach, and how to better increase network security to prevent a similar incident in the future. 

Meanwhile, the company plans to expedite development of its upcoming two-factor authentication service. That is an additional security component requiring a second form of identity verification outside the username and password, such as a smartphone for codes sent via SMS messages, fingerprint scanners, facial recognition, or specific apps. The company didn’t say when its two-factor authentication service will go live. 

Despite the hashed passwords found in the leaked data, registered MyHeritage customers are urged to change their passwords as explained here. No other actions are required outside taking advantage of the two-factor service when it eventually goes live.  

“As always, your privacy and the security of your data are our highest priority,” the company says. “We continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as custodians of your information and work every day to earn your trust.” 

The breach went unnoticed until 1 p.m. EST on June 4, 2018 when the security researcher contacted MyHeritage. That means the data sat unused on the external web server for around seven months, giving the hacker(s) plenty of time to infiltrate accounts and gather additional data. But all that effort to infiltrate MyHeritage produced a long list of over 92 million email addresses. 

“We are taking steps to inform relevant authorities as per the General Data Protection Regulation,” the Israel-based company states. 

Computing

1.5% of Chrome users’ passwords are known to be compromised, according to Google

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Now, Google has released eye-opening stats gathered from Password Checkup.
News

Lawsuit over Capital One data breach could eventually get you sweet revenge

The law firm Colson Hicks Eidson has filed a class-action lawsuit against Capital One “for negligence in failing to safeguard consumers’ personal information” in the recent data breach that impacted 100 million consumers.
Health & Fitness

We spit in a ton of test tubes to find the best and most unique DNA tests

DNA tests aren’t just limited to ancestry. You can test for your risks for certain diseases, the best workouts and diets for your health and fitness, and more.
Computing

Windows 10 has two critical vulnerabilities; update now to avoid infection

Microsoft recently alerted users that it patched two critical remote code execution (RCE) "wormable" vulnerabilities, which could have allowed hackers to spread malware to PCs. If you haven't updated Windows 10 yet, get on it.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Deals

Now’s your chance to get the latest iPad Pro for $100 less on Amazon

The latest iPad Pro has always been our favorite since its release last year, and we even tagged it as the best tablet ever. Don’t miss out on Amazon’s discount on the 12-inch 256GB Wi-Fi model and get yours today for $1,049.
Computing

Latest Windows 10 update is causing random reboots and can break Visual Basic

The latest update for Windows 10, made available on Tuesday this week, includes patches against two critical vulnerabilities. But it is causing a string of issues including random reboots and failure to install.
Computing

From Chromebooks to MacBooks, here are the best laptop deals for August 2019

Whether you need a new laptop for school or work, we have you covered. We've put together a list of the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Deals

Amazon cuts $52 off this Samsung Galaxy 10.1-inch tablet for the whole family

Normally priced at $330, you can grab the Samsung Galaxy Tab A 10.1-inch 128GB Wi-Fi tablet now for only $278 and enjoy $52 savings. On top of that, Amazon is offering an extra $28 discount when you apply for a coupon during checkout.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Computing

Tired of your Mac freezing? Try these tips to fix your Mac

A Mac that keeps freezing can be an incredibly annoying thing to deal with, but fixing it doesn’t have to be a pain. There are six main things you should try, which we got through in this guide to help you fix the issue once and for all.
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Enjoy your music on more devices: Here's how to convert FLAC to MP3

FLAC files sound awesome — that is, if your device can handle the lossless format. No matter your OS there's a converter for you. Here's how to convert FLAC to MP3, so you no longer have to worry about incompatibility issues.