News 3 min read

DNA testing company MyHeritage exposes data of 92 million users

5 minutes MyHeritage is informed about the cybersecurity incident which occurred back in October 2017 Myheritage exposes data of 92 million users MyHeritage, the company focusing on DNA testing and family ancestry, has recently announced about a serious leakage involving 92.3 million of its users. The company became aware about the security breach on 4th […]

Myheritage exposes data of 92 million users
0 Comments
5 minutes

MyHeritage is informed about the cybersecurity incident which occurred back in October 2017

Myheritage exposes data of 92 million users
Myheritage exposes data of 92 million users

MyHeritage, the company focusing on DNA testing and family ancestry, has recently announced about a serious leakage involving 92.3 million of its users. The company became aware about the security breach on 4th of June, aAfter being informed by an anonymous security researcher about an unprotected file called myheritage on a private server.

According to MyHeritage blog post, the leak affects users who registered for their service prior to October 26, 2017, which is the date of the data breach. As soon as the security researcher contacted the company, they began the investigation which confirmed that as many as 92,283,889 e-mail addresses and hashed passwords were harvested from a legitimate database.

The company is confident that the data breach only affected users' emails

As the researcher pointed out, no other databases were found on a private server and the data file discovered there has never been used for any purpose by hackers. Fortunately, MyHeritage does not collect clients' passwords. Instead, they store one-way hash which differs for each user. Thus, the company is confident that users' passwords are safe, and only e-mail addresses were leaked.

Omer Deutsch, Chief Information Security Officer of MyHeritage, also added that the company cannot see any signs of more accounts being jeopardized after October 2017:

Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised.

Fortunately, the account information of visitors is not stored by the company. MyHeritage relies on trusted billing providers, including PayPal and BlueSnap. Additionally, all the other sensitive information stored by the firm (such as DNA data or family tree history) is stored in a separate database which has an extra layer of protection against hacks.

The extra precaution steps taken by MyHeritage

According to Deutsch, once they were informed about the leak, an immediate investigation was launched by Information Security Incident Response Team. The company hired a professional cybersecurity company to take on investigation to acquire more details about the incident and take extra precaution measures in order to protect personal user data in the future.

In addition, MyHeritage promised to launch two-factor authentication service that could help users protect their accounts even further. Additionally, Deutsch urged all customers to change passwords for maximum safety. He added:

For now, there are no other actions that MyHeritage users need to take as a result of this incident. However, we always recommend that you take the time to evaluate your security practices. Please, avoid using the same password for multiple services or websites. It’s good practice to use stronger passwords and to change them often.

Data breach is still believed to be a serious concern

Many security experts are concerned about the information technology security practices undertaken by various companies and organizations. Employees and employers should be more aware of security risks, and proper training in cybersecurity should be one of the top priorities in the current time. 

While Equifax data leak exposed private information of 147.9 million users (which is considered the largest leak to date), there were several other incidents in the past few years. Even though MyHeritage data breach, most likely, consisted of only users' emails, it is still private information which should be kept away from crooks hands.

Did this fix work for you?
Gabriel E. Hall

Written by

Malware Removal Expert
Malware removal Ransomware recovery Browser hijackers Spyware analysis Security tools testing

Gabriel E. Hall is a malware removal expert and cybersecurity researcher with over ten years of hands-on experience analysing threats and writing removal guides. She has documented hundreds of malware families — from browser hijackers and adware to ransomware and rootkits — providing step-by-step cleanup instructions tested against real infections. Gabriel's work combines deep technical analysis with clear, actionable language that readers without a security background can follow. Her guides consistently appear among the most-referenced resources for malware removal on Windows systems.

0 Comments

Be the first to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →