Do you use genealogy website MyHeritage? If you do, the next time you log in you will be required to change your password because of a security breach which leaked the data of over 92 million users.
The breach took place on October 26 last year, and consisted of the email addresses and hashed passwords of users who signed up to the website up until the date of the breach, according to a blog post.
The company said it learnt about the breach on Monday, when its chief information security officer was notified by a security researcher who found a file with the email addresses and hashed passwords on a private server outside of MyHeritage.
MyHeritage said no other data was found on the server, and that there was no evidence of data in the file being used. Information about family trees and DNA data are stored on separate systems and were not a part of the breach, the blog said.
The good news is this latest security wake-up call is that the passwords in the file were hashed. This is a form of data encryption that turns readable data into a scrambled cipher. Instead of allowing someone to decrypt that data with a specific key, as typical encryption functions do, hashes aren’t designed to be decrypted. So far, there’s no indication that the hashing has been cracked at all, no indication that anything other than names and email addresses were in plain text, no financial or other data associated with the accounts included in the hacked data.
MyHeritage said it was investigating the breach and taking steps to
engage an independent cybersecurity company to review the incident, and
the company advised users to change their passwords.
No comments:
Post a Comment