Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Friday, October 6, 2023

23andMe Data Hack

Genealogy website 23andMe is one of the latest companies to suffer a data hack.  

Judy Russell at The Legal Genealogist has sent out a timely reminder about the importance of being security conscious after the breach was reported to users of the website.

So far, personal information about roughly a million users has been offered for sale on the so-called Dark Web. The data offered included full names, birth years, location information and more. As yet it is unknown exactly how many accounts were accessed or how much data was harvested, but currently there is no indication that any raw DNA data was hacked.  The incident is still under investigation.

The success of this breach highlights the danger of using the same password across multiple websites.  The story is that hackers collected passwords associated with specific email addresses that had already been hacked at other sites and then reused them at 23andMe to see if they worked.  For many, they did.

So if, like me, you are guilty of sometimes using a generic password on different websites, it is time to have a think about changing habits and updating your passwords.

Read Judy's full blog post,  Judy G. Russell, “Change your password!,” The Legal Genealogist

 

Thursday, June 7, 2018

Security Breach at MyHeritage

Do you use genealogy website MyHeritage?  If you do, the next time you log in you will be required to change your password because of a security breach which leaked the data of over 92 million users.
The breach took place on October 26 last year, and consisted of the email addresses and hashed passwords of users who signed up to the website up until the date of the breach, according to a blog post.
The company said it learnt about the breach on Monday, when its chief information security officer was notified by a security researcher who found a file with the email addresses and hashed passwords on a private server outside of MyHeritage.
MyHeritage said no other data was found on the server, and that there was no evidence of data in the file being used.  Information about family trees and DNA data are stored on separate systems and were not a part of the breach, the blog said.
The good news is this latest security wake-up call is that the passwords in the file were hashed. This is a form of data encryption that turns readable data into a scrambled cipher. Instead of allowing someone to decrypt that data with a specific key, as typical encryption functions do, hashes aren’t designed to be decrypted.  So far, there’s no indication that the hashing has been cracked at all, no indication that anything other than names and email addresses were in plain text, no financial or other data associated with the accounts included in the hacked data.
MyHeritage said it was investigating the breach and taking steps to engage an independent cybersecurity company to review the incident, and the company advised users to change their passwords.