Hacked DNA Testing Service Leaks Personal Data of Millions of Customers
MyHeritage, a DNA testing and family heritage site, was hacked. The Israeli owned company currently has over 96 million customers. Email addresses and encrypted passwords of all customers were compromised during the hack. Of the 96 million customers, 1.4 million users have used the DNA testing services offered by MyHeritage.
The data breach occurred on October 26, 2017. MyHeritage was not aware of the hack until Monday, June 4. Only those who were customers at that time are affected by the hack. A file named “myheritage” was discovered on another web server. The web server was not owned or operated by MyHeritage. The file contained customer email addresses and encrypted passwords of over 92 million of MyHeritage’s customers. It is unclear if the compromised data was used by the hackers in any way. It is also unknown how the data file was acquired or how it ended up on a server outside of the company’s control.
DNA data is stored separately from the user account information. The user passwords were encrypted and the DNA data was stored elsewhere requiring further access information. DNA data was not compromised in this data breach. However, there have been past cases where hacked passwords were reverse engineered to gain access to their corresponding online accounts.
How Do Genealogy Websites Work?
Genealogy websites, also known as heritage websites, like MyHeritage analyze customer submitted DNA to determine family trees. Customers purchase a sampling kit that is mailed to them. After following a few simple steps to swab for a saliva sample and sending the sample in for analysis, customers are notified of their likely heritage. Customers can also search historical records to help find potential relatives.
MyHeritage plans on retaining an independent cyber security firm to investigate the hack. All customers should change their passwords to prevent unauthorized access to their information.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers