MyHeritage breach leaks millions of account details

According to the news released Monday by the company, more than 92 million account details of the family tree and DNA inspection service MyHeritage were found on the private server.

According to this version, this vulnerability occurred on 26th October 2017, and the discovered data included a total of 92,283,889 people who registered the service before that date.

MyHeritage is an Israeli ancestral platform that allows users to create genealogies and search family and history.

After security researchers sent a "myheritage file containing an e-mail address and a hashed password to a private server external to MyHeritage" to the company's Chief Information Security Officer, MyHeritage recognized this vulnerability. According to researchers, no other data was found on the server.

Other data such as DNA data and credit card information are stored on a system different from the system containing the user name and e-mail information. The company says there is no reason to believe that sensitive information is at risk

Since then, MyHeritage has investigated incidents and launched a response team to "take urgent steps to cooperate with leading independent network security companies" to investigate the extent of the violation.

Correction 6/5/2018 2:55 pm EST: This title has been corrected to clarify the details of the e-mail account leaked, not information on the user DNA.

In June 2018, MyHeritage announced that it had been compromised and leaked data from more than 92 million users. According to the company, this vulnerability occurred on October 26, 2017. This vulnerability could violate user's email address and hash password. Although violations are awkward, MyHeritage has confirmed that information on family tree, DNA profile, and credit card information is stored on a separate system, not part of the leak. MyHeritage products and services exist in the network, mobile, and downloadable software areas. The company's website MyHeritage.com specializes in Freemium's business model. You can sign up for free, build your family tree and start the game. This site provides excerpts of history, newspapers and other genealogy, but in order to read the full version, or to confirm the relationship of these documents, the user must be subscribed to the paid subscription.

Last month I read about data leaks in the world's third largest pornographic site xHamster. As the password and e-mail address spans 380,000, this vulnerability is only a small portion of the world's 12 million members, but more than 70 accounts related to US and UK government agencies includes. I want to know how many people will do this because there are so many users who have registered with my personal e-mail address. Do not worry, I will not announce "findings" - but you and many other users must take action before too much things happen.

After Yahoo announced a massive security breach in September and the details of 500 million users became clear, on Wednesday even larger, more new vulnerabilities were announced. This leak seems irrelevant, but it is not yet known who is responsible. For details, please see MetaTrader.

In contrast, it took four years to discover and disclose a violation of 117 million e-mails and passwords. Yahoo spent 3 years investigating and disclosing account information of numerous data breaches related to 3 billion users. Dropbox spent four years to report details of more than 68 million user accounts that leaked in 2012. "This reflects what happens in Dropbox, it has half of the hash of SHA-1 and half of the hash of Bcrypt," Hunt said in a weekly video blog. "Many companies have adopted the traditional hash algorithm method, and over time, he says," SHA-1 no longer has any advantage, so we should use Bcrypt. " "