92 million MyHeritage email addresses found on private server
On Monday, MyHeritage, an online genealogy platform, announced that more than 90 million of their users had email addresses and hashed passwords compromised, after a researcher discovered a file being hosted on a private server.
MyHeritage confirmed that the contents of the file originated from the company.
In addition, based on the wording of the disclosure, the company determined the compromised data included email addresses and hashed passwords for everyone who signed up for the service from 2003 until October 26, 2017.
“We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach. MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. This means that anyone gaining access to the hashed passwords does not have the actual passwords,” the company explained in a blog post.