What happened in the MyHeritage breach
MyHeritage said a security researcher notified the company on June 4, 2018, of a file found on a private server outside of the company. After analyzing the file, a MyHeritage security team determined that its contents originated from the company and included the email addresses and hashed passwords of 92,283,889 users.
MyHeritage said the information exposed involved users who had signed up for the service through October 26, 2017, the date of the breach.
The security researcher reported finding no other data related to the company on the server where the file was found. And MyHeritage says there’s been no evidence that the perpetrators have used the data in the file.
MyHeritage said it has no reason to believe that the breach compromised any of its other systems. The company notes that it stores information such as family trees and DNA data on segregated systems – separate from those that store the email addresses – that include added layers of security. The company also says it doesn’t store credit card information.
MyHeritage reports it’s further investigating the breach and engaging an independent cyber security company to assist. That firm will help determine the scope of the intrusion and recommend steps to help prevent such incidents.
What MyHeritage users should do now
If you use MyHeritage, the company recommends that you change your password. Instructions are available on the company’s help center. The company says it is also expiring all user passwords on its site, a process that will take a few days. This includes user accounts affected by the breach, as well as the four million additional accounts added since October 26, 2017.
Users who have questions can also contact the company’s customer support team via email at firstname.lastname@example.org or by phone via the toll-free number (USA) +1 888 672 2875, available around the clock.
The company says that its other websites and services, such as Geni.com and Legacy Family Tree, were not affected by the incident.
This breach is a reminder that different organizations with whom you do business store your information in many different places that are beyond your control. As a result, you should always be mindful of security. Use unique passwords on each of your accounts – and make sure they’re strong.
It also makes sense to monitor the news for reports of data breaches and other cyber security incidents that may affect your personal information. You may also want to consider an identity theft protection service, such as Norton with LifeLock, that helps protect you against identity theft and works to restore your identity if you become a victim.