Ancestry.com is known for its genealogy services. Now it seems they are tracing the origin of a data leak instead of family origins.
It’s the latest company hit by a data leak. Ancestry.com apparently had 300,000 users’ e-mail addresses and passwords exposed. The data leak occurred in 2015, but is only coming to light now. For its part, Ancestry found out that the data leak originated from its RootsWeb server. The affected services are being taken offline as the company investigates.
Speaking to Threatpost, Ancestry.com Chief Information Security Officer Tony Blackham says that the damage from the breach may be minimal:
“Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers,” Blackham wrote.
On Wednesday, Ancestry.com told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb’s infrastructure, and is not linked to Ancestry.com’s site and services. Ancestry.com said RootsWeb has “millions” of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards.
The company said RootsWeb doesn’t host sensitive information such as credit card data or social security numbers. It added that there are no indications the data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server.
At this stage, it is unclear why it took so long for this data breach to be made public. After all, it took two years for the information to surface.
The news comes just a week after another data breach from Alteryx where 123 million Americans had much more sensitive information exposed to potential fraudsters. That leak saw addresses, credit bureau information, financial histories, and a whole lot more exposed to the open Internet.
Drew Wilson on Twitter: @icecube85 and Google+.