Family genealogy and DNA testing site MyHeritage announced on Monday a security breach during which an attacker made off with account details for over 92 million MyHeritage users.
In a
statement on its website, MyHeritage said it became aware of the incident on Monday, the same day of the announcement.
The incident came to light after a security researcher found an archive on a third-party server containing the personal details of 92,283,889 MyHeritage users.
Only emails and hashed password were exposed
The archive contained only emails and hashed passwords, but not payment card details or DNA test results. MyHeritage says it uses third-party payment processors for financial operations, meaning payment data was never stored on its systems, while DNA test results were saved on separate servers from the one that managed user accounts.
Based on the creation dates of some accounts, the breach appears to have taken place on October 26, 2017. It is unclear if the breach is the result of a hacker attack or because of a malicious employee selling the company's data.
