There's been another massive data breach -- but this one may have a happy ending.
Israel-based genealogy website MyHeritage announced yesterday (June 4) that someone had stolen the email addresses and encrypted passwords of all its registered users: 92,283,889 on the day of the breach, Oct. 26, 2017.
The good news, if MyHeritage Chief Information Security Officer Omer Deutsch's blog posting is to be believed, is that each password was "hashed" with a unique key for each user. In other words, because a hash cannot simply be reversed and each user's hash has to be attacked separately, it's unlikely that any of the passwords can be recovered.
Deutsch nonetheless recommended that all registered MyHeritage users change their passwords. If you used the same password on a different site, you'll want to change that as well, and to something different from the MyHeritage one.
Deutsch also said that MyHeritage would be "expediting" its development of a two-factor-authentication (2FA) option. If you're a MyHeritage user, we strongly recommend using 2FA when it becomes available, as we do for all sites that provide it.
The breach did not involve credit-card numbers, or the family trees and DNA test results that MyHeritage also handles.
We also have to commend MyHeritage for acting swiftly and notifying its users as quickly as possible. Deutsch said that the site learned of the breach only yesterday after an unnamed security researcher contacted the company. The implication is that the announcement was up in a matter of hours.
Compare this accountability with Equifax, which took six weeks to disclose its own devastating data breach; with LinkedIn, which took four years to tell people that more than 100 million email addresses and poorly encrypted passwords had been stolen from its servers; or with the comedy of errors at Yahoo, which took years to even notice two gargantuan thefts of data that together impacted 3.5 billion users.
Let's hope MyHeritage's practices set a template for the handling of future data breaches.