Skip to main content

92 million accounts at DNA testing service MyHeritage have been hacked

DNA testing service MyHeritage said that a third-party security researcher discovered a file on a private server outside MyHeritage’s network that contained email addresses and hashed passwords of everyone who signed up for the service before and on the day of the breach: October 26, 2017. After receiving said file, the company’s Information Security Team verified the content and began an investigation into how someone obtained the information of more than 92 million individuals. 

“MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer,” the company says. “This means that anyone gaining access to the hashed passwords does not have the actual passwords.” 

That could be why MyHeritage didn’t find any unusual activity associated with the compromised accounts after the October 2017 breach. The file containing the data simply sat on the external web server untouched by whoever retrieved the data from MyHeritage’s database. With only the email addresses on hand, the perpetrator(s) likely couldn’t break into any accounts. 

According to MyHeritage, no other information could be obtained by the individual or party responsible for the breach. All payment information resides on third-party services such as PayPal and BlueSnap while family trees and DNA data are stored on a completely separate network and database. So far, there is no evidence that the hacker(s) infiltrated those systems too. 

In addition to forming an internal Information Security Incident Response Team to investigate the breach, MyHeritage also turned to an independent cybersecurity firm for help in determining the extent of the breach, and how to better increase network security to prevent a similar incident in the future. 

Meanwhile, the company plans to expedite development of its upcoming two-factor authentication service. That is an additional security component requiring a second form of identity verification outside the username and password, such as a smartphone for codes sent via SMS messages, fingerprint scanners, facial recognition, or specific apps. The company didn’t say when its two-factor authentication service will go live. 

Despite the hashed passwords found in the leaked data, registered MyHeritage customers are urged to change their passwords as explained here. No other actions are required outside taking advantage of the two-factor service when it eventually goes live.  

“As always, your privacy and the security of your data are our highest priority,” the company says. “We continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as custodians of your information and work every day to earn your trust.” 

The breach went unnoticed until 1 p.m. EST on June 4, 2018 when the security researcher contacted MyHeritage. That means the data sat unused on the external web server for around seven months, giving the hacker(s) plenty of time to infiltrate accounts and gather additional data. But all that effort to infiltrate MyHeritage produced a long list of over 92 million email addresses. 

“We are taking steps to inform relevant authorities as per the General Data Protection Regulation,” the Israel-based company states. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This Alienware gaming laptop with RTX 4070 is over $500 off today
Alienware m18 laptop sitting on a table.

While there are gaming laptop deals on affordable devices, hardcore gamers may be looking at the other direction -- the most powerful devices that you can get with a discount. This one fits the bill -- the Alienware m18 gaming laptop for $1,950, following Dell's $550 discount on its original price of $2,500. We're not sure how much time is remaining on this offer, so you're going to have to be quick with your purchase if you want to make sure that you're able to grab this bargain.

Why you should buy the Alienware m18 gaming laptop
The specifications of the Alienware m18 allow it to challenge the performance of the best gaming laptops -- the AMD Ryzen 9 7845HX processor, Nvidia GeForce RTX 4070 graphics card, and 32GB of RAM. You won't run into any issues if you choose to play the best PC games at their highest settings, and you won't have to worry that your gaming laptop won't be enough for any upcoming PC games. All that power will be on full display on the Alienware m18's large 18-inch screen with Full HD+ resolution and a 480Hz refresh rate.

Read more
Dell’s MacBook alternative has a $300 discount today
Dell XPS 13 Plus front view showing display and keyboard deck.

If you've had your eye on MacBook deals for a while but you've been hesitant on investing in Apple's laptops for whatever reason, check out this offer for the Dell XPS 13 Plus, which is one of the brand's most popular MacBook alternatives. From its original price of $1,499, it will be yours for $1,199, for savings of $300 that you can spend on software and accessories. You're going to have to be quick with your purchase though, as we're not sure how much time is remaining before this bargain expires, and there's no telling when you'll get another chance at one of the most interesting laptop deals around.

Why you should buy the Dell XPS 13 Plus laptop
The Dell XPS 13 Plus will be able to keep up with all kinds of demanding tasks with its 13th-generation Intel Core i7 processor, integrated Intel Iris Xe Graphics, and 16GB of RAM. It also comes with a 512GB SSD for ample storage space, Windows 11 Home pre-installed, and a 13.4-inch screen with Full HD+ resolution. The laptop features a zero-lattice keyboard with large and deep keycaps for a comfortable typing experience, and a glass haptic touchpad that's highly precise.

Read more
The 23andMe data breach just keeps getting scarier
A 23andMe kit

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users' full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Read more