Stories

Breach grabs info on 92 million MyHeritage accounts

A family tree
Image: pepifoto via Getty

More than 92 million email addresses and encrypted passwords appear to have been removed from the geneology website MyHeritage.com, according to a statement from the company on Monday.

Why it matters: 92 million is a substantial number, and it's likely to cause some degree of panic. MyHeritage is among the family-tree building sites with a DNA analysis service, leading some on social media to assume that DNA was stolen as part of the breach.

Don't panic: DNA wasn't stolen as part of the breach. In fact, according to the press release, it doesn't appear anything but the email addresses and encrypted passwords were taken.

The details: A security researcher contacted the site Monday to inform it that the researcher had found a file labeled "myheratige" on an outside server. The file contained data on accounts through October, 2017.

The statement uses the word "breach" but doesn't specifically say the site was hacked. It's possible, therefore, that the list was removed by an employee. Also possible is that the document was stored on a misconfigured cloud server accidentally leaving a secure file open to the public.