The online genealogy website MyHeritage has said in a statement that they have experienced a significant “cybersecurity incident” that has resulted in nearly all of their member base having their emails and hashed passwords leaked.
According to their online statement, the data leak was discovered by an independent security researcher who stumbled on a large file containing over 92 million emails and hashed passwords. It is estimated that around 95 million people use the MyHeritage website.
What you need to know, fast…
If you’re a member of the site, here are some things you need to know quickly…
– According to MyHeritage’s statement, only emails and hashed passwords (see next point) were exposed. No financial details were at risk since they are stored on third party payment gateways. No other personal information has been exposed, according to MyHeritage.
– Hashed passwords are passwords that have undergone an encryption-like process called hashing, meaning they can’t be read by humans. Hashing turns plain-text passwords (that you type in) into a seemingly random string of characters. It is important to know that just because a password has been hashed, it doesn’t mean cyber-crooks will never be able to obtain the actual password. Hashing can’t simply be run backwards, but there are a number of tools that help crooks recover passwords by hashing huge lists of guesses and looking for matches. How long that takes (and whether it would be worth it) depends on the sophistication of the hashing that MyHeritage used.
– It appears that the data leak occurred on October 26th 2017, meaning users who have signed up since that date should not have been affected.
– And if you haven’t changed your password since then, do so now!
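To show why the "sophistication of the hashing" matters, here is an added example (not MyHeritage's code; their statement as reported here doesn't name the scheme they used). It assumes two schemes picked purely for illustration, a single unsalted SHA-256 pass and salted PBKDF2 with 200,000 iterations, and uses constructed sample accounts.

```python
import hashlib, hmac, os, time
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, chosen for this example only

# Constructed sample accounts: two users happen to share a password.
ACCOUNTS = {"alice@example.com": "family-tree-1",
            "bob@example.com": "family-tree-1",
            "carol@example.com": "x7!Lq2#vRm"}

def fast_unsalted(password):
    """One SHA-256 pass, no salt: cheap, and equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).digest()

def slow_salted(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random per-user salt and many iterations."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password, salt, stored):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt)[1], stored)

def accounts_sharing_a_hash(stored):
    """Groups of accounts whose stored hash is byte-for-byte identical."""
    groups = defaultdict(list)
    for email, digest in stored.items():
        groups[digest].append(email)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    """What the password column would hold under each scheme."""
    unsalted = {e: fast_unsalted(p) for e, p in ACCOUNTS.items()}
    salted = {e: slow_salted(p) for e, p in ACCOUNTS.items()}  # (salt, hash)
    return unsalted, salted

def seconds_per_hash(fn, rounds):
    """Average cost of one hash computation, i.e. the cost of one guess."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn("candidate-password")
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, shared hashes:", accounts_sharing_a_hash(unsalted))
    print("salted, shared hashes:  ",
          accounts_sharing_a_hash({e: d for e, (_, d) in salted.items()}))
    fast = seconds_per_hash(fast_unsalted, 20_000)
    slow = seconds_per_hash(slow_salted, 3)
    print(f"one guess costs about {slow / fast:,.0f}x more with the slow scheme")
```

With the unsalted scheme, anyone holding the leaked file can see that two accounts share a password, and every guess is cheap to test; with the salted, slow scheme each account has to be attacked separately and each guess costs far more.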
While our advice for users would normally be to turn on two factor authentication, which is a second level of security against data leaks such as this, frustratingly MyHeritage doesn’t (yet) support such a security feature. They announced plans in their statement to release the feature soon (and yes, you should enable it.)
It’s the first significant data leak since GDPR came into effect across the EU at the end of May 2018. GDPR gives the EU the ability to fine companies that suffer data leaks, though it is not clear that this will happen in this case.
MyHeritage users are urged to change their passwords straight away. And, as we always say, if you use the same email and password combination on other websites (you shouldn’t be doing that!) then you’ll need to change those passwords too.
MyHeritage has provided the following email if you have any questions over the incident – privacy@myheritage.com.