Cybersecurity Incident: June 5-6 Update

Yesterday we reported a cybersecurity incident affecting MyHeritage, in which the email addresses and hashed passwords of 92.3 million MyHeritage users were leaked to a private server outside of MyHeritage.

Our Information Security Incident Response Team is still investigating this incident, and we do not yet have an update regarding the source of the leak. We have not encountered abuse of any accounts on MyHeritage, or evidence that the leaked information was used by malicious actors.

The incident was reported to us by a security researcher yesterday, June 4, 2018, at about 1pm EST, which is 8pm at our HQ in Israel. We assembled our people to investigate the incident, gathered sufficient details to announce it publicly, and did so within 8 hours of learning about it.

From the moment this became known to us, we have been working literally around the clock, taking additional steps to help protect our users, and we wanted to update you on our progress in this area so far, one day after our initial report.

Although no passwords were leaked, only hashed versions of the passwords, we encouraged our users to change their passwords, and many have already done so. However, to maximize the security of our users, we have started the process of expiring ALL user passwords on MyHeritage. This process will take place over the next few days. It will include all 92.3 million affected user accounts plus all 4 million additional accounts that have signed up to MyHeritage after the breach date of October 26, 2017. As of now, we’ve already expired the passwords of more than half of the user accounts on MyHeritage.

Users whose passwords were expired are forced to set a new password and will not be able to access their account and data on MyHeritage until they complete this. This procedure can only be done through an email sent to their account’s email address at MyHeritage. This will make it more difficult for any unauthorized person, even someone who knows the user’s password, to access the account. We plan to complete the process of expiring all the passwords in the next few days, at which point all the affected passwords will no longer be usable to access accounts and data on MyHeritage.

Note that other websites and services owned and operated by MyHeritage, such as Geni.com and Legacy Family Tree, have not been affected by the incident.

As stated, we are expediting the work on adding two-factor authentication to MyHeritage and will update when that is live, as it is strongly recommended to use it once available to increase security.

Users who are experiencing difficulty in changing their password or have other questions or concerns should contact our security customer support team via email on privacy@myheritage.com or by phone via the toll-free helpline phone number (USA) +1 888 672 2875, available 24/7.

We believe the intrusion is limited to the user email addresses. We have no reason to believe that any other MyHeritage systems were compromised. As an example, credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised.

We have completed the GDPR reporting process to the authorities.

We are getting ready to announce the breach to the users, individually, via email, a process that will take some time due to the large number of affected users.

Again, it’s important for us to stress that your privacy and the security of your data are and will always remain our highest priority. We will continue to keep you informed and updated of our actions over the coming days.

Thank you for your understanding.

The MyHeritage team

Contact
Omer Deutsch
Chief Information Security Officer, MyHeritage
Email: dpo@myheritage.com

Comments

  • Keith White

    June 8, 2018

    Thank You for being so diligent in this matter

  • Smile

    June 8, 2018

    Thanks a lot for the article post. Much thanks again. Fantastic.

  • NatalieTanner

    June 8, 2018

    Thanks a lot the post. Really thank you! Much obliged.

  • Fran fairfield

    June 9, 2018

    Thank you for informing those affected and for taking immediate corrective measures. Think my husband has an account with you.

  • Dadang victory

    June 10, 2018

    Okay.. i change my password.

    Thank you.

    Dadang victory

  • Bobbi

    June 10, 2018

    So did I!

  • D S Brown

    June 11, 2018

    Thank you for the notification.

  • Beryl Briggs

    June 11, 2018

    Thank you.

  • John Rew

    June 11, 2018

    Thank you for letting us know, how and when should I change My password.

    • Esther

      June 11, 2018

      Hi John,

      We have begun expiring all passwords on MyHeritage, so anyone logging on to MyHeritage with an expired password will be required to set a new password. When you are prompted to do this, you will get an email sent to your email address on file with a link to set a new password and regain access to the account.

      Best, Esther / MyHeritage Team

  • Linda whiting

    June 11, 2018

    Thanks

  • Myra

    June 11, 2018

    Thank you

  • Patricia Collins

    June 11, 2018

    I will change my password

  • William B Baker

    June 11, 2018

    Thank you so much for the concern

  • guido pizzella

    June 11, 2018

    ok i change my password

  • sandra van boeyen

    June 12, 2018

    THANK YOU WILL CHANGE PASSWORD

  • vern

    June 12, 2018

    Thank you for alerting me.

  • Petrus Johannes van Staden

    June 12, 2018

    Thank you so much for the excellent service you render.

  • Mary Nolan

    June 12, 2018

    Thanks for your post

  • Peter Robinson

    June 12, 2018

    thank you for your clarity

  • Carolyn Warren

    June 12, 2018

    Thanks will change my password.

  • AndrewDzh

    June 12, 2018

    Thank You

  • Linda

    June 12, 2018

    Thank you your quick and diligent action in correcting this situation and keeping us informed.

  • Dollie

    June 12, 2018

    Thanks so very much for letting people know. I hope that y’all have a bless day. I have sole trust in y’all. Thanks again.

  • Roslaine Gouveia

    June 12, 2018

    Thanks for take care of us.

  • Tui Murray

    June 12, 2018

    thanx 4 the email shell get on2 it right away

  • Hendrik J Diedericks

    June 13, 2018

    Sorry for the problems if its possible I still want to use it

  • sylvia hankins

    June 13, 2018

    thank you so much in informing me

  • Jaroslav Urban

    June 13, 2018

    Thank you

  • Past Sikorski

    June 13, 2018

    I appreciate your quick action and thank you.

  • Heather Smith

    June 13, 2018

    Thanks for letting me know, I’ll change my password.

  • Barbara Forsyth

    June 13, 2018

    Thank you

  • Hana

    June 14, 2018

    Thank you.

  • jean boudreau

    June 14, 2018

    thank you

  • Margaret Chapman

    June 14, 2018

    Thankyou for letting me know

  • Patrick Sellar

    June 14, 2018

    Thank you

  • Mavis Marshment

    June 14, 2018

    Thank you for letting me know, I will change my password as soon as possible.

  • Marlene A Strudwick

    June 14, 2018

    Thank you for all your care and attention.

  • marvyn crone

    June 15, 2018

    Thanks for your promptness and transparency

  • Shella fox

    June 15, 2018

    Thank you

  • Tom Gunsell

    June 15, 2018

    Ok

  • Gergely Lajosné

    June 15, 2018

    Thank you!

  • Daniel Soiday

    June 15, 2018

    thank you

  • Susan Downey

    June 15, 2018

    Thank you taking the time to correct this particular issue.

  • Susan Downey

    June 15, 2018

    Thank you for taking the care to solve this issue

  • Cathy Kauffman

    June 15, 2018

    Thank you for expeditious action.

  • Алёна Змысля

    June 15, 2018

    Thank you very much for caring about our security)))

  • William C. Bill Hamilton

    June 15, 2018

    Many thanks. Your work will far exceed mine. I wish you the best. WCH

  • Graham Lindemann

    June 16, 2018

    Thank you heritage for that information

  • Michael Wilkinson

    June 16, 2018

    thank for moving so fast on this

  • Patricia Barnicott

    June 16, 2018

    Thanks for letting me know. I didn’t hear or know about this. I will try to change my password as requested.

  • Linda M Campillo

    June 16, 2018

    Thank you for this important information.

  • jaragon813@gmail.com

    June 16, 2018

    Thank you for keeping me updated

  • Candice Percival

    June 17, 2018

    Thank you for taking care of this matter

  • Rudolf Burkert

    June 17, 2018

    Thank You

  • Charles Nations

    June 17, 2018

    Thank you for the notice

  • Kazimieras

    June 18, 2018

    Thank you

  • VONDA REEDER

    June 19, 2018

    thank you

  • Alicia Garcia

    June 20, 2018

    Thanks for keep our information privated

  • Marlene

    June 20, 2018

    Thankyou for alerting this matter so promptly and efficiently.

  • Carol A Martin

    June 20, 2018

    Thank you for all you’ve done to safe guard our information.

  • Mária Fleischerova

    June 20, 2018

    Thank you for the information.

  • Charles M. Pirko

    June 21, 2018

    Sorry to hear that you are having problems.

    Charles Pirko

  • Don E. Shope

    June 21, 2018

    I have been away and am just digesting this information. Thanks for your caring concern and the information on a new direction.

  • Raul

    June 27, 2018

    I never really used my account but it’s good to know that companies like yours really care and are honest about situations like this!!!

  • Tina M Turner

    June 28, 2018

    Good To Know Thank You.

  • Cheryl Tremblay

    June 28, 2018

    Thank you for your quick response!

  • Jan Novak

    July 1, 2018

    Thanks for what u did for me.

  • pardim

    July 1, 2018

    Thank You!

  • Alan Appleton

    July 1, 2018

    Many thanks for the information. You can’t be too careful these days.

  • Helen

    July 2, 2018

    I’m glad you noticed this immediately
    I will follow your instructions to Change my password

  • Leonard baynum

    July 14, 2018

    Thank you for fixing this problem

  • Arnil Senoron

    July 18, 2018

    Thank you for the information, I will change my password.

    Thank you.

  • Lenka Sniegoňová

    July 23, 2018

    Thankyou

  • June plummer

    July 28, 2018

    Thank you for giving me the “heads-up” on this breach situation.

  • Pattie Davis

    August 4, 2018

    Thank You for the heads up!

  • Irene Ray

    August 4, 2018

    Thanks for keeping us up to date. I’m changing my password

  • Dennis Shaw

    August 5, 2018

    Thanks for the hard work.

  • Cliff George

    August 6, 2018

    Thank you very much for your quick response and letting me know all about this problem that as happened. I will certainly be changing my e-mail address straight away.
    Thank you again. Cliff George.

  • habeeburahiman

    September 7, 2018

    thank you

  • Gbenga Fatona

    September 12, 2018

    thank you