Ancestry.com now holds the genetic code of more than five million people — the largest private database of DNA in corporate history. The firm says it has state-of-the-art security systems in place to prevent hacking and security breaches of its genetic database. However, a three-month investigation has uncovered a pattern of ‘breached promises to customers’ and security concerns, according to a news report in today’s Daily Mail.
Last year, cyber criminals managed to infiltrate RootsWeb, which is owned and operated by Ancestry. The hackers stole the login details of aorund 55,000 Ancestry customers who used the same email and password combination on RootsWeb. Ryan Wilk, Vice President at NuData Security commented below.
Ryan Wilk, Vice President at NuData Security:
“Bad actors are constantly trying to engineer new ways of bypassing security measures; however, two-factor authentication still offers stronger security than the classic one-factor authentication. To avoid account takeovers with stolen username and passwords, two-factor authentication can be combined with other security layers such as passive biometrics and behavioral analytics, so that if one layer fails or is not reliable, another layer of security takes over, protecting the customers’ accounts even if the credentials have been stolen. While two-factor authentication can help verify that the user has the correct device, behavioural analytics, and passive biometrics allow you to learn and trust the user’s behavior both in and across the session. This way you put the trust on the human instead of the device. With passive biometrics, customers are identified by their behaviour online and not by static data such as passwords or one-time codes. This inherent behaviour cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.