Many thanks to technological advancements we get to trace our ancestry and family lineage to a degree through a wide range of DNA testing services. Such services commonly store millions of records and accounts on the DNA test results and screenings the assist with the investigation of family histories. Unfortunately, the account data stored by the Israel-based DNA testing service, MyHeritage, was attacked by hackers who look to have stolen credentials of its 92 million customers.
The scrutiny of data security and what companies are doing to protect their customers is a hot topic that has only been exacerbated in recent months due to cases like Facebook's Cambridge Analytica data share debacle. Moreover, various entities and governments around the world are being forced to patch vulnerabilities within specific systems and servers to prevent hacking so they don't end up allowing hackers to steal important information.
In the case of MyHeritage being hacked, it looks as if the database that includes the email addresses and hashed passwords of their 92 million users was accessed. The data breach is reportedly still under investigation, and third-party billing providers associated with MyHeritage have ensured users of the DNA testing service that credit card information is not stored on MyHeritage leading its users to believe that their financial data is still safe. Additionally, companies like PayPal and BlueSnap published a blog post to further ensure users of MyHeritage that other types of sensitive data, such as family trees and DNA data was stored on segregated systems, all separate from those in the hacked email addresses and password files.
After the data breach took place, MyHeritage noted that they do not store customer passwords in plaintext and that the hacked file contains passwords in a hacking algorithm used to protect the user passwords. As far as hackers having any ability to uncover the passwords have yet to be seen but customers of MyHeritage are ensured that their passwords are "probably safe."
MyHeritage has hired an independent cybersecurity firm to conduct further investigations and a forensic investigation of the data breach. As an added layer of security, MyHeritage plans to add a two-factor authentication feature for its users as an option. Additionally, MyHeritage users are urged to change their passwords - just in case.
While the traditional security measures look to be taken in the MyHeritage breach, such a case is further evidence of how vulnerable systems remain that harbor massive amounts of consumer data. If the hacker perpetrators of the data breach are at all able to decrypt the hashed passwords exposed in the breach, millions of accounts could be compromised and accessed by unauthorized cybercrooks. Moreover, being that the MyHeritage accounts contain family data and profiles that reveal the identity of family members, the risk of identity theft cases may be thrown into the mix. So far, taking the word of MyHeritage and their third-party vendors, the data is safe, and hackers are unable to decrypt the hashed passwords. We can all hope that such a notion will pan out and the MyHeritage data breach becomes one of the many countless and failed attempts by hackers to steal consumer data.