A top DNA testing company reported Tuesday that more than 92 million of its accounts leaked online more than seven months ago.
MyHeritage reported the breach Tuesday in a blog post, saying its “Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.”
The company added that it believes “the intrusion is limited to the user email addresses. We have no reason to believe that any other MyHeritage systems were compromised. As an example, credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage.”
Rafi Mendelsohn, MyHeritage’s director of PR and social media, said the company is looking into the data breach.
“We are investigating [why it didn’t detect the initial breach and how it happened] right now and plan to have updates on the blog over the next few days,” Rafi Mendelsohn, MyHeritage’s director of PR and social media, told Ars Technica in an email.
MyHeritage says it will be implementing a two-factor authentication feature which will be available to users “soon” and will increase security on the site. The company was already working on it, but it said it will “expediting” its development of the feature.
Under the European Union’s sweeping data privacy regulation known as the General Data Protection Regulation, which was implemented on May 25, MyHeritage will have to inform the “relevant authorities” because of its implications about users’ data privacy. (RELATED: The EU’s GDPR: A Balancing Act Between Privacy And Prosperity)
MyHeritage is a top DNA testing company along with AncestryDNA and 23&Me. It has about 35 million family trees on its website as of January 2017.
Send tips to email@example.com
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.