Security News
Get Total AV Login

92 Million Emails Stolen from MyHeritage Ancestry Website

MyHeritage is one of the latest websites to fall foul of a huge security breach, revealing millions of user passwords.

Published by Claire Broadley

On June 4th, the site was attacked by hackers, and a staggering 92.3 million email addresses were stolen. If you signed up for the site before October 26th, 2017, your email address was one of the ones that was leaked.

Hashed passwords were also obtained during the breach. Hashing obscures the password itself, but it’s still advisable to change your password.

Payment details were not obtained, and -- thankfully -- neither was users’ DNA test results.

MyHeritage only found out about the breach when it was alerted to a file named “myheritage”, hosted on another website, which contained all of the data that was taken.

MyHeritage fessed up within a few hours of finding the file online by posting a blog about it, although it didn’t alert users via email for another 16 days.

And There’s More… Flightradar24 Also Hit By Hackers

Another large data breach was reported last week by Flightradar24, a flight tracking app and website that allows aviation enthusiasts to track commercial flights in real time.

Again, hashed passwords and email addresses were obtained by unauthorised users. In this case, an estimated 230,000 customers were affected.

That’s a small breach compared to MyHeritage, but worrying nonetheless.

 

Unfortunately, the company made the situation worse; it sent out a security alert along with a password reset link. In doing so, they generated unnecessary panic that the well-intentioned password reset emails were part of a phishing scam.

Like MyHeritage, Flightradar24’s communication could have been a lot better once the damage was done.

How to Protect Your MyHeritage or Flightradar24 Account

If a hacker gets one password, they could access all of the accounts that use that combination of login credentials, which is why password security is such a big deal.

If you use either of these sites, you should immediately log in and change your password. On MyHeritage, your old password has already been automatically expired as a precaution.

MyHeritage has now added optional two-factor authentication.

Even though hackers didn’t obtain plain text passwords in this breach, previous hacks have revealed passwords in plain sight, like this Last.FM hack from 2016, and this TeenSafe hack last week. (The latter includes children’s names and email addresses.)

So if you use the same password elsewhere, now’s the time to improve your password regimen. That means:

  • Using a unique password on every site

  • Coming up with a system to remember passwords, but nothing someone else could easily guess

  • Using passwords that don’t include dictionary words.

The simplest way to achieve this is to install and use a credible password manager so that you are less vulnerable to the next data breach -- and there will inevitably be many more to come.

Final Tips

Both the MyHeritage and Flightradar24 hacks are reminders, if we needed them, that our personal data is vulnerable, and every internet user needs to take their share of responsibility.

If you’re concerned about data breaches, type your email address into Have I Been Pwned? to find out whether your email has already been obtained in a hack.