Millions of email addresses leaked from genealogy site MyHeritage


MyHeritage – a genealogy site specializing in family trees and DNA testing – is investigating a major security breach after a security researcher found email addresses and hashed passwords belonging to 92 million of its users. Information in the file dated back to October 27, 2017, so anyone who registered an account before that date could be affected.

After discovering the email data in a plain text file, the researcher alerted the company, which set its own security staff to work. It also enlisted the help of an independent cybersecurity team.

The security experts found no evidence of other user data on the server, and because the passwords were hashed, only the email addresses were readable. MyHeritage also noted that there's no evidence the data on the server was ever used. 

"MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer," the site said in a blog post. "This means that anyone gaining access to the hashed passwords does not have the actual passwords."

Relative risks

Other data, including that used to build family trees, is stored separately and wasn't compromised, and there was no risk of credit card details being stolen because the site processes payments using PayPal exclusively.

The email addresses are valuable though, and such a huge list would be a handy starting point for criminals to launch a phishing campaign.

This leak is particularly embarrassing because its discovery comes immediately after implementation of the EU's new General Data Protection Regulation (GDPR), which stresses that any company that holds personal information must take care to stop it falling into the wrong hands – information that forms the foundation of sites like MyHeritage.

MyHeritage recommends that all its users change their passwords just in case, and notes that it'll be upgrading to two-factor authentication soon, enabling users to lock down their accounts more tightly – particularly against phishing attacks.

Via Engadget

Cat Ellis