Cyber Risk

Security breach at MyHeritage website leaks details of over 92 million users

FILE PHOTO: A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon

(Reuters) - A security breach at family networking and genealogy website MyHeritage leaked the data of over 92 million users, the company said in a blog posted on Monday.

The breach took place on Oct. 26 last year, and consisted of the email addresses and hashed passwords of users who signed up to the website up to the date of the breach, according to the blog post

The company said it learned about the breach on Monday, when its chief information security officer was notified by a security researcher who found a file with the email addresses and hashed passwords on a private server outside of MyHeritage.

MyHeritage said no other data was found on the server, and that there was no evidence of data in the file being used.

Information about family trees and DNA data are stored on separate systems and were not a part of the breach, the blog said.

MyHeritage said it was investigating the breach and taking steps to engage an independent cybersecurity company to review the incident.

The company advised users to change their passwords.

Israel’s MyHeritage helps families around the world find their history with family tree tools, DNA tests, and a library of historical records.

(This version of the story clarifies in paragraph two that the information breach consisted of emails and hashed passwords, not included them)

Reporting by Kanishka Singh in Bengaluru, Editing by Rosalba O’Brien