92 million accounts hacked at DNA testing service MyHeritage


"MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer", the site said in a blog post.

The security experts found no evidence of other user data on the server, and because the passwords were hashed, only the email addresses were readable. The website now has 96 million users around the world, 1.4 million of whom have taken the DNA test. The company doesn't store users' actual passwords; it transforms them into a jumble of characters, and performs the same operation when you enter your password to see if the result matches the stored data.

Hashing is a one-way transformation rather than encryption: it lets a site check passwords without storing them, and although there are theoretically ways to recover the original passwords from their hashes, they involve vast amounts of computing power and quite a bit of luck.
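The store-and-compare scheme described above, as an added example that is not MyHeritage's code: each user gets a random salt (the "hash key" that differs per customer), and login repeats the same derivation on the submitted password. PBKDF2-HMAC-SHA256 and the iteration count are assumptions, since the company's statement names no algorithm.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: the page does not say which algorithm or cost is used.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Build the record a site stores: salt and derived hash, never the password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(candidate, record):
    """Repeat the same operation on a login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo():
    # Constructed sample: two users who happen to pick the same password.
    password = "correct horse battery staple"
    alice = hash_password(password)
    bob = hash_password(password)
    return {
        # Different salts mean the stored hashes differ, so a leaked file does
        # not reveal which accounts share a password, and a guess has to be
        # recomputed separately for every account.
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "correct_login": verify_password(password, alice),
        "wrong_login": verify_password("Tr0ub4dor&3", alice),
    }


if __name__ == "__main__":
    print(demo())
```
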

No other MyHeritage data was found on the server, and the company says it has "no reason to believe that any other MyHeritage systems were compromised". A hacker able to crack the hashed passwords exposed in the breach could see the personal information available after logging into someone's account, such as the identity of family members.

The Israel-based company's information security team reviewed the file and confirmed the data was from MyHeritage. This server contained email addresses and hashed passwords. Privacy concerns about shared DNA data have also surged after investigators tracked down a suspect in the Golden State Killer case using a genealogy website that, like MyHeritage, allows users to upload raw genetic information.


"Here's what many consumers don't realize, that their sensitive information can end up in the hands of unknown third-party companies", Schumer said last November. But, Hercher said, the security breach involving MyHeritage doesn't seem to be any different than security breaches at other companies that don't work with genetic information.

MyHeritage has also taken steps to inform relevant authorities, as per new GDPR rules.

In the meantime, it urged users to change their passwords.

However, MyHeritage has reemphasized in its statement that it hosts its DNA data on "a segregated system", which includes added layers of security, and no data has been breached.

Two-factor authentication was already in development, but the team is "expediting" its rollout, so if you're a user, be sure to set that up as soon as it's available.
