MyHeritage, which runs a genetic analysis and family tree website, has been hacked, and the information of almost all of its 92 M registered users has been compromised. The compromised information included emails and hashed passwords, but the company claims that the credit card and genetic information of its users is safe.
The company learned of the breach when a security researcher informed it that a file titled ‘myheritage’, containing all the user emails and hashed passwords, had been found on a private server.
Although it is quite difficult to recover the passwords from their hashes, the company has nevertheless asked its users to change their passwords. The company claimed that MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. This means that anyone gaining access to the hashed passwords does not have the actual passwords.
The company made the announcement in a post on its blog.
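Why a reset is still prudent when only per-customer keyed hashes are exposed, shown as an added example that is not MyHeritage's code. The page does not name the hashing algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts below are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor; the page does not state one


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest). A fresh random salt is drawn for each customer."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def build_store(accounts):
    """Map email -> (salt, digest); the plaintext password is never kept."""
    return {email: hash_password(pw) for email, pw in accounts.items()}


def accounts_needing_reset(store, common_passwords):
    """Operator-side audit: flag accounts whose stored hash verifies against a
    commonly used password. The salt does not make a weak password strong."""
    flagged = [
        email
        for email, (salt, digest) in store.items()
        if any(verify_password(p, salt, digest) for p in common_passwords)
    ]
    return sorted(flagged)


# Constructed sample data, not taken from the breach.
SAMPLE_ACCOUNTS = {
    "alice@example.com": "sunshine1",
    "bob@example.com": "sunshine1",
    "carol@example.com": "t7#Lq9!vXe2$Rm",
}
COMMON_PASSWORDS = ["123456", "password", "sunshine1"]

if __name__ == "__main__":
    store = build_store(SAMPLE_ACCOUNTS)
    # Same password, different salts: the stored digests do not match.
    print(store["alice@example.com"][1] != store["bob@example.com"][1])
    print(accounts_needing_reset(store, COMMON_PASSWORDS))
```

The per-customer salt stops identical passwords from producing identical hashes, but a password that appears on a common-password list is still verifiable one account at a time, which is the case a forced reset addresses.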
“Credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised.”
The company also said that it is expediting its rollout of two-factor authentication, which was already in the works when the incident happened. The company is also hiring an independent cybersecurity firm to conduct a forensic review to determine the scope of the breach.