DNA Testing Service MyHeritage Hacked

Daniel Fowler
June 6, 2018

Israel-based MyHeritage said the hash key differs for each customer password, suggesting the passwords were salted and hashed, which makes it harder for cybercriminals to decode the 92 million individually hashed passwords.

One of the world's leading DNA-testing companies recently disclosed that a researcher had found on a private server the email addresses and hashed passwords of every customer that had signed up for its service.

As for sensitive DNA data and family tree information, MyHeritage says that info is stored on separate systems from the ones that store email addresses, "and they include added layers of security". The researcher said they had found a file containing users' data on a private server and passed a copy of the file along.

It includes the email addresses and hashed passwords of the more than 92 million users who signed up for the platform up to October 26, 2017, which was the date of the breach, according to a statement from MyHeritage.

The company emphasized that it does not store sensitive information, like user DNA data or family information, on the same system where it stores user email addresses. "Since Oct. 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised".

"We have no reason to believe those systems have been compromised".

The company said it immediately launched an internal company investigation after learning of the possible intrusion, and has also hired a cybersecurity firm to conduct forensic analysis to determine the scope of the breach.

Since learning of the incident, the company has set up a response team to investigate. A 24-hour, toll-free number is also provided, 001 888 672 2875.

Deutsch nonetheless recommended that all registered MyHeritage users change their passwords.

The MyHeritage incident marks the biggest data breach of the year, and the biggest leak since last year's Equifax hack. While that trust is often expected by customers, it's rarely earned.

"If you do choose to provide genetic data to an organisation, it's vital to enable the maximum security settings, turning on features such as two-factor authentication once available, and check what you are 'agreeing' to when sharing it, as you may be unwittingly giving access - or even consent - to share this data more widely than is needed, even to other third party organisations".
