Have you ever taken the time to track down your family history? With modern technology and DNA testing, it’s much easier and more accurate than ever before.
In fact, there are websites that offer this service at very reasonable rates. It usually takes only a couple of minutes to take a cheek swab sample and mail it to the lab. You typically receive your results online in about a month’s time.
Low costs and ease of use have made these services extremely popular. Unfortunately, that makes them prime targets for cybercriminals. We’ve just learned that one popular DNA testing service has exposed the data of over 92 million accounts.
Did crooks steal your data?
We’re talking about the genealogy website and DNA testing service, MyHeritage. Its Chief Information Security Officer (CISO) revealed this week that the company received a message from a security researcher who claimed to have stumbled across a file dubbed myheritage.
The file contained email addresses and hashed passwords. It was found on a private server outside of the MyHeritage site.
After receiving the file in question, the MyHeritage information security team reviewed it and confirmed that its contents did in fact originate from its site. The file included the email addresses and hashed passwords for everyone who signed up with MyHeritage up to and including October 26, 2017. That’s a total of more than 92 million users. Wow!
MyHeritage said that it uses a special technique to disguise passwords individually, so even if a hacker found your hashed password, they might not be able to crack it. But let’s be honest: hackers have state-of-the-art tools at their disposal, so I wouldn’t trust the idea that they can’t crack a hashed password.
The site also said that payment information isn’t stored on MyHeritage; it uses third-party payment systems like PayPal instead. So your payment data wasn’t a part of this breach.
If you think you or anyone you know was a part of this data breach, MyHeritage has some suggestions:
- Contact the MyHeritage security customer support team – If you have questions about the breach you can email them at firstname.lastname@example.org or call its toll-free number 1-888-672-2875.
- Change password – All registered users of MyHeritage should change their account password immediately.
- Set up two-factor authentication (2FA) – Once MyHeritage releases the upcoming 2FA feature, it recommends all users take advantage of it ASAP.
Handling a major data breach
After following suggestions from MyHeritage, there are more security steps that you should take after a major data breach. Keep reading to learn what to do next.
Change your password
Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.
Another mistake people make is creating passwords that are too easy for hackers to crack. Even if such passwords are encrypted, hackers can crack them with a password-guessing tool in just seconds.
Set up two-factor authentication
Two-factor authentication (2FA), also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.
At this time MyHeritage does not offer two-factor authentication, but the company is fast-tracking this security feature so that it is available soon. If you are one of its clients, you should sign up for 2FA as soon as it’s available.
With 2FA set up on your accounts, a thief will need more than just a stolen password to break in.
Keep an eye on your bank accounts
Even though MyHeritage claims payment information wasn’t impacted by this breach, you should keep an eye on your bank statements. Watch out for suspicious activity. It’s a critical step when there is a massive data breach.
If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.
Beware of phishing scams
Scammers will try to piggyback on data breaches like this. They will create phishing emails, pretending to be from MyHeritage, hoping to get victims to click on malicious links that could lead to more problems.