Israel (CNET) – Data breaches are always problematic, but they can be especially troubling when they happen on platforms with access to supersensitive information — like your DNA.
On Monday, MyHeritage, a platform that offers DNA testing and genealogy services, learned it had been breached, after a security researcher reported finding a file that contained email addresses and hashed passwords on a private server.
The Israeli-based company’s information security team reviewed the file and confirmed the data was from MyHeritage. It includes the email addresses and hashed passwords of the more than 92 million users who signed up for the platform up to Oct. 26, 2017, which was the date of the breach, according to a statement from MyHeritage.
The company said it doesn’t store user passwords, and instead stores a one-way hash of every password, in which the hash key is different for every customer. “This means that anyone gaining access to the hashed passwords does not have the actual passwords,” the company said.
The security researcher, whom MyHeritage didn’t name, reported that the server didn’t contain any other data related to the company. The company said there isn’t any evidence that the data was ever improperly used. Since the date of the breach, MyHeritage said, “we have not seen any activity indicating that any MyHeritage accounts had been compromised.”
MyHeritage said it believes the breach was limited to user email addresses, and that it has no reason to believe any other systems were compromised. Credit card information isn’t stored on MyHeritage, it said, but is instead stored on “trusted third-party billing providers” like BlueSnap and PayPal.