Approximately 92 million personal information leaked from DNA analysis service "MyHeritage"


bypixelcreatures

DNA analysis service which can create family tree "MyHeritage"It became clear that personal information for 92,283,889 people was flowing out.

MyHeritage Statement About a Cybersecurity Incident «MyHeritage Blog
https://blog.myheritage.com/2018/06/myheritage-statement-about-a-cybersecurity-incident/#

Hacked: 92 Million Account Details for DNA Testing Service MyHeritage - Motherboard
https://motherboard.vice.com/en_us/article/vbqyvx/myheritage-hacked-data-breach-92-million

MyHeritage Says Over 92 Million User Accounts Have Been Compromised
https://thehackernews.com/2018/06/myheritage-data-breach.html


Personal information of the user who registered the account by October 26, 2017 was leaked. MyHeritage's Chief Information Security Officer says, "From security researchers"HashingI received a message saying "I found a file named myheritage containing a password that was set on a private server other than MyHeritage," I reported on my blog that MyHeritage user personal information leaked out. Hashing the password means that MyHeritage does not store the user's password in clear text, but depending on the algorithm used, hackers can decrypt it And Motherboard of IT news site point out. In this regard, MyHeritage says that "the key of the hash function varies depending on the customer"SaltIt is regarded as being used.

However, the DNA information of the user is stored in a location different from the storage location such as the mail address, and because the credit card data is processed by a third party such as PayPal, it is said that it will not be affected by this outflow about.

bystevepb

MyHeritage says, "The privacy and security of customer data is as important to us as we think it is important.We have to invest a huge investment to promote the security of customer accounts and personal information And has protected it with multiple encryption layers.All tests ensure the quality of clinical laboratoriesclearWhenAmerican Pathological SocietyWe have been certified for the service, "he emphasized the safety of the service, but for all userschange PasswordI also urge you.

In future, MyHeritage shows that it is planning to introduce 2-step verification, but at present the service user is "Have I been pwned?It seems better to check if your personal information leaked out by using "etc".

in Security, Posted by darkhorse_log