Users who signed up to genealogy service provider MyHeritage leading up to October 26 of last year are going to want to take action for their online accounts following the company reporting a fairly massive breach. According to an associated release from MyHeritage, the company was informed about the breach by a security researcher on June 4. The researcher had sent MyHeritage a message pertaining to a file called “myheritage,” which was discovered on an unnamed server and contained email addresses and hashed passwords. Around 92.28 million users appear to have been affected. Since those are one-way hashed passwords, nobody who happened to view or download the data will necessarily have access to any accounts. As such, the company is relatively certain that only email addresses were put at risk. With that said, even a breach of email addresses can result in harmful outcomes due to phishing scams and other malicious activity.
Since it’s better to be safe than sorry, MyHeritage is reporting the breach and asking its users to act on the information and change their passwords. Any concerned users are also being encouraged to contact customer service for more information. In the meantime, the company is has set up a response team to try and determine the origins of the breach and ascertain how it happened. A private security firm has been contacted for assistance with that and the appropriate authorities have also been informed, in conjunction with the GDPR. Not content to stop there, MyHeritage is also working to implement a two-factor authentication method which will be made available to all of its users as soon as possible. That will work similarly to how Google’s does, requiring a cell phone to verify identity alongside a password.
Bearing that in mind, it’s worth mentioning that it is a good idea for any user of the site or its services to change their password. That’s true whether the information is thought to have been leaked in the breach or not. Initial discoveries often don’t tell the whole story and it’s far better to err on the side of caution in the modern, tech-connected world. Moreover, users should change any passwords for other online accounts that are similar to that used for MyHeritage. It goes without saying that it’s never a good idea to use identical passwords across multiple sites.