Data Exposed for 92 Million Users of DNA Testing Company

By Paul Ausick Updated Jan 11, 10:43PM EST · Published Jun 6, 9:05AM EDT

Follow 24/7 Wall St. on Google

This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive compensation for actions taken through them.

Data Exposed for 92 Million Users of DNA Testing Company — © Thinkstock

An Israel-based genealogy and DNA testing firm, MyHeritage, confirmed on Monday a report that a file including the email addresses of more than 92 million users had been “found” on a private server outside the company. In addition to email addresses, hashed (mathematically scrambled and difficult to reverse) versions of user passwords were also contained in the wandering file.

According to the company’s blog post “no other data related to MyHeritage was found on the private server.” Since the data breach that occurred on October 26, 2017, the company said it has found no evidence that the data in the file has ever been used.

The company outlined the steps it was taking to determine what happened and to strengthen the security of its users’ data, including rolling out a two-factor authentication feature that customers may use, if they so choose. MyHeritage also encourages users to change their passwords.

Security researcher Brian Krebs points out that MyHeritage’s assurances about the security of user DNA and ancestry data depend on the strength of the hashing routine used to scramble user passwords. The company said it does not store user passwords, “but rather a one-way hash of each password, in which the hash key differs for each customer.”

[nativounit]

Which hashing algorithm the company used can make a big difference here. As described and if properly implemented, MyHeritage’s password security system would be very effective.

Krebs also notes:

[If the data file was stolen and not inadvertently exposed, t]here is a good chance that the attackers will be trying to crack all user passwords. And if any of those passwords are crackable, the attackers will then of course get access to the more personal data on those users.

An obvious question is why MyHeritage doesn’t just force all its customers to reset their passwords rather than just recommending a reset. That way if the file was indeed stolen and the hashed passwords are cracked by the thieves those passwords would be worthless.

For more details check out Krebs on Security’s website.

[recirclink id=468791]

[wallst_email_signup]

About the Author Paul Ausick →

Paul Ausick has been writing for 247Wallst.com for more than a decade. He has written extensively on investing in the energy, defense, and technology sectors. In a previous life, he wrote technical documentation and managed a marketing communications group in Silicon Valley.

He has a bachelor's degree in English from the University of Chicago and now lives in Montana, where he fishes for trout in the summer and stays inside during the winter.

Continue Reading

15 Most Famous Cyberattacks of All Time

Douglas A. McIntyre | May 15, 2017 at 11:19 AM EDT

15 Most Famous Cyberattacks of All Time

The WannaCry ransomeware attack has been described at the largest cyberattack of all time. Here are 10 others.

Paul Ausick | Sep 6, 2014 at 8:55 AM EDT

The 10 Biggest Data Hacks of All Time

The cyberattacks that have compromised the most data have affected tens of millions of people and involved hundreds of millions…

Up to 3 Million Affected by T-Mobile Data Breach

Paul Ausick | Aug 24, 2018 at 10:10 AM EDT

Up to 3 Million Affected by T-Mobile Data Breach

Late Thursday, T-Mobile posted a notice that it had shut down an attack on its customer information and said that…

Quora Hack Hits 100 Million Accounts

Douglas A. McIntyre | Dec 4, 2018 at 6:55 AM EST

Quora Hack Hits 100 Million Accounts

Question-and-answer site Quora was hacked and data on about 100 million users was exposed.

Trey Thoelcke | Dec 5, 2013 at 7:20 AM EST

Two Million Passwords Snatched From Facebook, Google, Twitter and Others

ThinkstockAs if there weren’t enough reminders for Internet users to frequently change their passwords, this week came news that more…

Under Armour: Even a Maker of Cheap Apparel Can Be a Hacker’s Target

Douglas A. McIntyre | Mar 30, 2018 at 6:30 AM EDT

Under Armour: Even a Maker of Cheap Apparel Can Be a Hacker’s Target

The Under Armour hack generated a great deal of press coverage because of its size. The seriousness of the event is…

Paul Ausick | Jun 6, 2012 at 4:42 PM EDT

6.5 Million LinkedIn Passwords Posted to Hacker Site

About 8 million cryptographic hashes have been posted to a user forum at insidepro.com that is dedicated to cracking passwords.…

Douglas A. McIntyre | Feb 26, 2014 at 6:25 AM EST

360 Million User Names and Passwords For Sale

ThinkstockThe sheer amount of data about people’s private online information that is available for sale by criminals reached a staggering…

This Corporate Data Breach Lasted 3 Years and Exposed 3 Billion Accounts

David Beren | Jan 22, 2025 at 7:45 AM EST

This Corporate Data Breach Lasted 3 Years and Exposed 3 Billion Accounts

While every business hopes to protect and secure its data networks, sometimes, the worst-case scenario occurs, and a data breach…

Top Gaining Stocks

Akamai

AKAM • Vol: 21,556,944

+$31.02

+26.58%

$147.71

Micron Technology

MU • Vol: 65,135,624

+$100.18

+15.49%

$746.81

Intel

INTC • Vol: 227,504,426

+$15.30

+13.96%

$124.92

Monster Beverage

MNST • Vol: 15,284,847

+$10.32

+13.58%

$86.29

Dell Technologies

DELL • Vol: 12,167,525

+$30.19

+13.11%

$260.46

Top Losing Stocks

Mettler Toledo International

MTD • Vol: 539,266

-$194.83

14.77%

$1,124.46

Motorola Solutions

MSI • Vol: 3,101,643

-$49.21

11.36%

$383.99

Expedia

EXPE • Vol: 4,189,786

-$22.81

9.02%

$229.98

Coterra Energy

CTRA • Vol: 73,319,495

-$3.07

8.62%

$32.56

Fidelity National Information Services

FIS • Vol: 11,468,820

-$3.76

7.96%

$43.49