Genealogy web service MyHeritage has suffered what appears to be a data leak. In all, over 92 million accounts have been compromised.
Reports are surfacing that a new data leak has been uncovered – and it’s a big one. According to reports, reports, details of ore than 92 million accounts have been discovered on a third party server. The security researcher who discovered the leak alerted MyHeritage.
In response, MyHeritage decided to institute two factor authentication for their customers. While this leak does sound quite severe, it appears the details in the database have been encrypted. Additionally, it appears that the database has also been salted to make the information more difficult to crack. What isn’t exactly clear in the report is whether the database was actually leaked (as it was discovered on a third party server) or the result of a hack (as it seems that MyHeritage might not be able to remove the database, suggesting that they don’t have control over that copy of the database at this point).
Still, it is highly recommended that users, at minimum, change the passwords. This is because if the hashing does wind up being cracked despite the apparent security measures, then that password can be used by potential third party actors who may not have your best interests in mind. If you re-used your password on another service, it is also advisable that you change your password on those third party services as well.
This represents the first data breach we became aware of this month. It certainly shows that June is off to a disastrous start on the security front.
Last month was particularly brutal as we’ve been able to cover a security incident on average once every three days. It started with what we thought was a bang with 34.5 million account compromised in a data breach. What followed was the Chili’s data breach with an unknown number of credit cards compromised. After that, Cambridge University suffered a data leak that exposed sensitive information covering 3 million Facebook accounts. After that was the LocationSmart data leak which saw potentially any American on any major ISP having their real time geolocation information exposed to anyone.
The month of May just never let up as the Los Angeles county 211 crises and abuse hotline suffered their own data leak with 3.2 million records exposed. Shortly after, we were able to report on the TeenSafe data leak which saw thousands of accounts exposed. Comcast joined this apparent party with a data leak that saw their Xfinity customers exposed. From a blockbuster headline in the US to a blockbuster headline in Canada – CIBC and the Bank of Montreal suffered a data breach which saw thousands of bank accounts compromised.
May just kept on giving as AgentRun suffered their own data leak, exposing thousands of files. The month ended with the blockbuster headlines no doubt circulating Africa as 1 million South Africans information was exposed.
This latest data leak or breach seems to show that these security incidences are growing in size. Definitely not a trend anyone wants to see by any means. We can only hope this isn’t a sign that we are in for another rocky month.
Drew Wilson on Twitter: @icecube85 and Google+.