MyHeritage, one of the nation’s most popular online genealogy sites, said a security breach had affected the email addresses and hashed passwords of 92 million users, raising concerns about the security of more sensitive data that the company collects.
The website allows users to create family trees, search historical records, and look for possible relatives. It also operates MyHeritage DNA, a genetic testing service that lets users to send in their spit and have their genetic information analyzed.
In a statement issued late Monday afternoon, MyHeritage said there was “no reason to believe” that data other than email addresses and hashed passwords had been accessed without authorization. Family trees or genetic data, it said, are stored on different systems with “added layers of security.”
A security researcher contacted the company after discovering a file named “myheritage” on a private server, MyHeritage said. The company reviewed the file and confirmed it contained the email addresses of every user who had signed up for MyHeritage before Oct. 26, 2017, along with their hashed passwords, which conceal a user’s actual password.
A study published in 2017 found that genetic testing sites could be vulnerable to computer hacks that expose personal genetic information.