Cyber Incident Victim: MyHeritage

Date: Oct 2017

Location: Israel

Summary

A security researcher alerted MyHeritage to a file containing user email addresses and hashed passwords on an external private server. The data was confirmed to belong to the company and covered over 92 million accounts. The passwords were stored as one-way hashes with a unique key per user, preventing direct access to plaintext credentials, and no evidence indicated misuse or additional system breaches. The exposure was limited to email addresses and hashed passwords, with no compromise of segregated systems storing sensitive information like payment details, family trees, or DNA data. The company initiated an incident response, engaged a cybersecurity firm for forensic review, expedited two-factor authentication implementation, and established dedicated support channels for affected users.

Description

On June 4, 2018, at approximately 1:00 PM EST, MyHeritage’s Chief Information Security Officer was alerted by an external security researcher about the discovery of a file named "myheritage" containing user credentials on a private server outside the company’s infrastructure. The researcher provided the file to MyHeritage’s Information Security Team, which confirmed the data’s authenticity within hours. Analysis revealed the file contained email addresses and hashed passwords for 92,283,889 users who had registered with MyHeritage up to October 26, 2017—the confirmed date of the breach. The compromised passwords were protected using a one-way hashing mechanism with unique keys per user, preventing immediate conversion to plaintext. MyHeritage initiated an internal investigation to determine the intrusion’s origin and potential exploitation, finding no evidence that the stolen data had been actively misused or that any user accounts were compromised between the breach date and its discovery. The company emphasized that the intrusion appeared limited to email addresses and hashed passwords, with no indication of broader system access.

MyHeritage confirmed that sensitive data categories remained unaffected: financial information was not stored internally but processed through third-party providers like BlueSnap and PayPal, while family trees and DNA data resided on segregated systems with additional security layers. The company activated an Information Security Incident Response Team and engaged an independent cybersecurity firm for forensic analysis and future prevention strategies. Regulatory authorities, including GDPR supervisors, were notified. MyHeritage accelerated development of two-factor authentication and established a 24/7 security support team to address user inquiries via email and a toll-free US phone number. Users were advised to change their passwords as a precaution but received assurance that no further immediate actions were necessary. The breach’s impact was confined to credential exposure, with no compromise of genealogical records, genetic data, or financial systems identified during the investigation.
