On Monday, online genealogy company MyHeritage Ltd. released a statement revealing the emails of some 92 million of its users were stolen during a security breach dated October 26, 2017. Its database now has DNA samples from over 1.25 million people. MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer.
MyHeritage said that the hashing is "one-way", meaning that it is nearly impossible to turn the hashed password back into the original.
The security researcher reported that no other data related to MyHeritage was found on the private server.
The company noted it was complying with recently enacted General Data Protection Regulation (GDPR) rules form the European Union, given its multinational customer base. Hashed passwords should generally be considered secure.
Mr Deutsch added: "Immediately upon receipt of the file, MyHeritage's Information Security Team analysed the file and began an investigation to determine how its contents were obtained and to identify any potential exploitation of the MyHeritage system".
Facebook Accused of Giving Users' Personal Data To Every Major Device Maker
The report says that the company hasn't only been sharing user data with their device makers but also their friends', as well. It said information such as photos was only accessible on devices if users had chosen to share the data with those friends.
China: Tariffs by U.S. would wipe out trade progress
Ross is expected to seek a firmer commitment to buy more American farm goods, energy and other products and services. The deal was seen as a turning point after the tariffs appeared to push the U.S. and China close to a trade war .
Magnitude 5.5 quake strikes Kilauea summit
Snyder said Kapoho Bay is nearly completely filled with lava, with the flow from fissure 8 protruding 0.7 miles into the bay. Scientists say lava from Hawaii's Kilauea volcano has covered a total for 8 square miles (20 square kilometers).
A hacker who gains access to the hashed passwords doesn't have the actual passwords, MyHeritage said.
"We believe the intrusion is limited to the user email addresses", MyHeritage added. Credit card information isn't stored on MyHeritage, it said, but is instead stored on "trusted third-party billing providers" like BlueSnap and PayPal. So the passwords are probably safe, but MyHeritage has advised all its users to change theirs regardless, and they should. Sensitive information, such as family tree or DNA data, are stored on segregated systems separate from the servers that store email addresses, and are fitted with additional layers of security.
The barrage of data breaches highlights the heightened risks of identity theft and the continued vulnerabilities presented by databases of customer information and mobile apps.
Two-factor authentication was already in development, but the team is "expediting" its rollout, so if you're a user, be sure to set that up as soon as it's available.
MyHeritage said it will hire an independent cybersecurity firm to help probe the breach and provide recommendations about how to prevent security lapses going forward.