The genealogy site MyHeritage has experienced a data breach in which all 92 million of its users' email addresses and hashed passwords have been exposed, Stat News reports. It adds that family tree and genetic data appears to not have been affected.
According to MyHeritage, the company became aware of the breach when a security researcher contacted it after finding a file on a private server labeled "myheritage." When the company reviewed the file, it found that it contained the email addresses of every user who had signed up with MyHeritage before and up to October 26, 2017 and their hashed, but not actual, passwords. The company added that credit card data is not stored by MyHeritage — it is stored by third-party sites like PayPal — and that family tree and DNA data are stored on a separate system.
Stat News notes that this disclosure comes on the heels of other incidents that have highlighted genetic privacy like the use of genetic genealogy sites to track down a suspect in the Golden State Killer case.
"When you put DNA and privacy together in a sentence, understandably and correctly, it makes people nervous," Sarah Lawrence College's Laura Hercher tells Stat News. But she adds that what happened to MyHeritage doesn't appear to be all that different from what's occurred at companies that don't handle genetic data.
MyHeritage recommends that all users change their passwords and says it is hiring an independent cybersecurity firm to conduct a review.