Online Genealogy Platform MyHeritage Confirms Leak of Private Information Belonging to Over 92 Million Clients

Popular online genealogy service provider MyHeritage has confirmed that private information of over 92 million clients was compromised in a cyber breach incident that occurred last year.

According to reports, a security researcher found a stash of files including sensitive information belonging to millions of MyHeritage clients and subscribers. In a blog post on Monday, the company confirmed that it was alerted by the said researcher and that it later verified that the information belongs to 92,283,889 users who have all signed up for an account on the MyHeritage website.

The hacked information includes email addresses and hashed passwords entered into their server up until the attacker hacked their system. Even worse, the said breach happened on Oct. 26, 2017 but was only discovered by the company recently through the report of the security researcher.

On a positive note, MyHeritage did not store user passwords in plaintext. So, the company believes that the attacker was not able to use the hacked information.

MyHeritage says it is confident that no other sensitive information was obtained through its website. In the case of credit card numbers typed on the website, these are stored through third-party billing companies like PayPal and BlueSnap and not on MyHeritage servers.

“Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised,” MyHeritage added.

Meanwhile, the company also believes that no other cyber breach happened after the incident.

As of MyHeritage’s blog post on Monday, the company is still investigating to finalize the complete scope of the cybersecurity attack by installing its own Information Security Incident Response Team and enlisting the service of “a leading, independent cybersecurity firm.”

The company also promised to speed up the addition of a two-factor authentication feature on its website for added security. But for now, people who have signed up on MyHeritage are advised to immediately change their passwords.