Thursday, June 7, 2018

DNA Website MyHeritage Hacked; 92 Million User Accounts Exposed

In an odd coincidence, earlier today we asked rhetorically "what could go wrong" if millions of Americans trust a DNA collecting company - in this case, - with their genetic code. At almost the exact same time, Bloomberg reported that the Israeli-based consumer genealogy website, MyHeritage had been hacked and that the email addresses and password information linked to more than 92 million user accounts have been "compromised."
According to MyHeritage, its security officer had received a message from a researcher who unearthed a file named “MyHeritage” containing email addresses and hashed passwords of 92,283,889 of its users on a private server outside the company.
“There has been no evidence that the data in the file was ever used by the perpetrators,” the company said in a statement late Monday, supposedly in an attempt to make its nearly 100 million users and customers feel comfortable.
It was not explicitly clear if any client "genetic material" had also been compromised as part of the security breach.
Like and 23andMe, MyHeritage lets users submit their DNA, build family trees, search historical records and hunt for potential relatives. Founded in Israel in 2003, the site launched a service called MyHeritage DNA in 2016 that lets users send in a saliva sample for genetic analysis. The website currently has 96 million users of whom 1.4 million users have taken the DNA test.
In a blog post, MyHeritage said the breach took place on Oct. 26, 2017, and impacts users who signed up for an account through that date. Armed with that information, a hacker could access personal information such as the identity of family members. While the company said it is unlikely that they could easily access a user’s raw genetic information, that's precisely what one would expect them to say as the alternative is going out of business as its entire user base flees.
Still, while it wasn't certain whether or not the genetic data had been compromised, the company emphasized that DNA data is stored “on segregated systems and are separate from those that store the email addresses, and they include added layers of security.”

No comments :

Post a Comment