
MyHeritage Breach

By ISBuzz Team | June 7, 2018 | Updated: July 4, 2024

Following the news that ancestry site MyHeritage has been breached, potentially exposing the data, and in some cases the DNA details, of 92 million users, IT security experts commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

News of a data breach is a daily reality today. But it’s rarer to hear news of a breach where the company in question is on the front foot and has proactively shared information with the public, which will ultimately lead to the collateral damage being reduced. 

Yesterday the news broke that ancestry site MyHeritage had been breached, potentially leaving the details of 92 million global customers vulnerable to attack. But what was refreshing was the response from the company’s CISO. Within hours of the breach being discovered, he had taken to the company’s website to explain what they had discovered, what steps they were taking to rectify the issue, and how they protected people’s data in general. Often when a breach happens, one of the biggest failings is that of honesty and disclosure from the victim, which ultimately leaves consumers even more vulnerable as they are unaware they need to take action.

Of course, the data is still at risk, and it’s especially concerning when you consider the type of data (including DNA) this site holds. But, by acting swiftly and definitively, MyHeritage has allowed its customers to regain some control of their personal data by changing passwords, checking for suspicious activity on accounts, and exercising caution; all actions that, if it had been kept secret whilst the company investigated or gave itself time to ‘stage manage’ its public response, would have left them even more at risk from fraudsters.

It’s good to see that, going forward, MyHeritage is considering the implementation of two-factor authentication for added security in this kind of scenario. These days we talk about not ‘if’ a company is breached but ‘when’, so protection of data in that event is the key here.

The advice to consumers remains the same as it would in any breach situation:

  • Change your MyHeritage account password and any associated passwords using a complex password
  • Monitor accounts for any suspicious activity and do not click on any links in emails purporting to be from the firm – instead go to your account online to check for messages

Ryan Wilk, VP of Customer Success at NuData Security:

“Even though the breach occurred last year, consumers should immediately change their passwords to avoid any potential damage. Additionally, those users who have reused their MyHeritage password on other accounts should also change those passwords to avoid exposing more accounts. A password manager is helpful in tracking and creating random passwords that are hard for a script to crack. Passwords are a key target for bad actors as they use them to access accounts and the sensitive data stored in them. However, companies who are implementing multi-layered solutions that don’t rely on passwords, such as behavioral biometrics and passive biometrics, are preventing this threat and protecting their customers even when their passwords have been exposed.”

Anthony James, CMO at CipherCloud:

“The bad news is, for sure, that 92 million MyHeritage user accounts were compromised. The attackers obtained emails and hashed passwords. Don’t believe for a second that a hashed password is safe. When a user normally logs in, the password submitted is run through the hash function and then the result is compared with the hashed password stored for that user.

Hashed passwords are absolutely not safe if stolen – these hashed passwords are still highly vulnerable to a dictionary attack, where the attacker runs a hash function against the top 100,000 most popular passwords and computes the hash function against all of them. Then all they need do is compare these calculated values to the list stolen from MyHeritage. So, NO, a smart cyberattacker could be working diligently, even now, to map the hashed values to real passwords and break the accounts.

The moral of the story? Protecting customer data is more important than ever. New best practices such as the use of Zero Trust end-to-end encryption and 2-factor authentication are required for data and threat protection as well as the barrage of new compliance regulations.”
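The login check and the weakness of stolen hashes described in the comment above can be seen from the storage side. The following is an added example, not code from MyHeritage or from any contributor quoted here: it contrasts a single fast, unsalted hash with a per-user salted, deliberately slow hash. The function names, the constructed sample users and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example (not a value from the article).
PBKDF2_ITERATIONS = 600_000

# Constructed sample accounts: two users happen to share a common password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T4!vq-long-unique"}

def fast_unsalted(password: str) -> str:
    """Weak storage: one fast hash, no salt. Same password gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str) -> dict:
    """Stronger storage: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Login check: hash the submitted password and compare with the stored value."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])

def compare_schemes(users: dict) -> dict:
    """Count distinct stored values per scheme for the same set of users."""
    weak = {name: fast_unsalted(pw) for name, pw in users.items()}
    strong = {name: make_record(pw) for name, pw in users.items()}
    return {
        # Unsalted: shared passwords collapse to one digest, so a single
        # precomputed value for a popular password matches every such user.
        "weak_distinct": len(set(weak.values())),
        # Salted: every record differs, so each guess must be recomputed
        # per user, at the cost of PBKDF2_ITERATIONS hash rounds.
        "strong_distinct": len({rec["hash"] for rec in strong.values()}),
    }

if __name__ == "__main__":
    print(compare_schemes(SAMPLE_USERS))
    record = make_record("sunshine1")
    print(verify("sunshine1", record), verify("sunshine2", record))
```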

Sandor Palfy, CTO, Identity & Access Management at LogMeIn:

“While it’s unclear how MyHeritage was breached, and the company had encryption in place to protect user information, this news is still a good reminder that almost all online accounts can hold information hackers find valuable. People will often use the same or similar passwords for work or personal accounts, or neglect to change them even when a breach is reported. That opens the door for hackers to exploit even more information. You never know when your account or personal information might be at risk, which is why we always recommend you take your online security seriously. Passwords that are lost, shared, reused or weak carry tremendous risk as cyber threats grow more sophisticated. Simple steps such as creating secure passwords, never reusing them and turning on two-factor authentication with your accounts whenever possible, a feature that MyHeritage says it plans to deploy in the future, will prevent data loss in the event of a 3rd party breach.”


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
