Skip to main content

92 million accounts at DNA testing service MyHeritage have been hacked

DNA testing service MyHeritage said that a third-party security researcher discovered a file on a private server outside MyHeritage’s network that contained email addresses and hashed passwords of everyone who signed up for the service before and on the day of the breach: October 26, 2017. After receiving said file, the company’s Information Security Team verified the content and began an investigation into how someone obtained the information of more than 92 million individuals. 

“MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer,” the company says. “This means that anyone gaining access to the hashed passwords does not have the actual passwords.” 

Recommended Videos

That could be why MyHeritage didn’t find any unusual activity associated with the compromised accounts after the October 2017 breach. The file containing the data simply sat on the external web server untouched by whoever retrieved the data from MyHeritage’s database. With only the email addresses on hand, the perpetrator(s) likely couldn’t break into any accounts. 

According to MyHeritage, no other information could be obtained by the individual or party responsible for the breach. All payment information resides on third-party services such as PayPal and BlueSnap while family trees and DNA data are stored on a completely separate network and database. So far, there is no evidence that the hacker(s) infiltrated those systems too. 

In addition to forming an internal Information Security Incident Response Team to investigate the breach, MyHeritage also turned to an independent cybersecurity firm for help in determining the extent of the breach, and how to better increase network security to prevent a similar incident in the future. 

Meanwhile, the company plans to expedite development of its upcoming two-factor authentication service. That is an additional security component requiring a second form of identity verification outside the username and password, such as a smartphone for codes sent via SMS messages, fingerprint scanners, facial recognition, or specific apps. The company didn’t say when its two-factor authentication service will go live. 

Despite the hashed passwords found in the leaked data, registered MyHeritage customers are urged to change their passwords as explained here. No other actions are required outside taking advantage of the two-factor service when it eventually goes live.  

“As always, your privacy and the security of your data are our highest priority,” the company says. “We continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as custodians of your information and work every day to earn your trust.” 

The breach went unnoticed until 1 p.m. EST on June 4, 2018 when the security researcher contacted MyHeritage. That means the data sat unused on the external web server for around seven months, giving the hacker(s) plenty of time to infiltrate accounts and gather additional data. But all that effort to infiltrate MyHeritage produced a long list of over 92 million email addresses. 

“We are taking steps to inform relevant authorities as per the General Data Protection Regulation,” the Israel-based company states. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The Lenovo IdeaPad Slim 3 Chromebook is less than half-price — down to $189
The front and back view of the Lenovo IdeaPad Slim 3. Chromebook

If you can't find laptop deals that fit a tight budget, you may want to consider looking at Chromebook deals instead. Here's a very affordable offer from Best Buy: the Lenovo IdeaPad Slim 3 Chromebook for just $189, for savings of $210 on its original price of $399. We're not sure if stocks will still be available by tomorrow though, so we highly recommend proceeding with your purchase of the device today if you don't want to miss out on this chance to get it for less than half-price.

Why you should buy the Lenovo IdeaPad Slim 3 Chromebook

Read more
The Samsung Odyssey G3 gaming monitor is even more affordable at $80 off
The Samsung Odyssey G3 gaming monitor on a white background.

While there are Samsung monitor deals for premium screens, you'll be happy to know that there are also some affordable options like the 24-inch Samsung Odyssey G3 gaming monitor. In fact, its price is even lower right now following an $80 discount from Best Buy, which brings it down from $200 to just $120. You're going to have to be quick with your purchase though, as we're not sure how much time is remaining before this offer expires, and once it's gone, there's no telling when you'll get another chance at it.

Why you should buy the 24-inch Samsung Odyssey G3 gaming monitor

Read more
Leak suggests Snapdragon X Elite 2 will give laptops a serious performance boost
Angled front view of the Dell XPS 13 with Snapdragon X Elite processor inside.

Qualcomm's big entrance into the laptop market last year got a lot of attention and now, leaks about its next-gen Snapdragon laptop chips are slowly starting to emerge. Known Weibo leaker Fixed Focus Digital claims that boost clock speeds will start at 4.4 GHz and estimates performance gains between 18 and 22%.

https://twitter.com/Jukanlosreve/status/1912018674233532691

Read more