MyHeritage Data Breach Hits 92 Million Users: What to Do

There's been another massive data breach -- but this one may have a happy ending.

Credit: Jack Frog/Shutterstock

Israel-based genealogy website MyHeritage announced yesterday (June 4) that someone had stolen the email addresses and encrypted passwords of all its registered users: 92,283,889 on the day of the breach, Oct. 26, 2017.

The good news, if MyHeritage Chief Information Security Officer Omer Deutsch's blog posting is to be believed, is that each password was "hashed" with a unique key for each user. In other words, the passwords were stored as one-way hashes rather than in a reversible form, and it's unlikely that any of them can be recovered.

Deutsch nonetheless recommended that all registered MyHeritage users change their passwords. If you used the same password on a different site, you'll want to change that as well, and to something different from the MyHeritage one.

Deutsch also said that MyHeritage would be "expediting" its development of a two-factor-authentication (2FA) option. If you're a MyHeritage user, we strongly recommend using 2FA when it becomes available, as we do for all sites that provide it.

The breach did not involve credit-card numbers, or the family trees and DNA test results that MyHeritage also handles.

We also have to commend MyHeritage for acting swiftly and notifying its users as quickly as possible. Deutsch said that the site learned of the breach only yesterday after an unnamed security researcher contacted the company. The implication is that the announcement was up in a matter of hours.

Compare this accountability with Equifax, which took six weeks to disclose its own devastating data breach; with LinkedIn, which took four years to tell people that more than 100 million email addresses and poorly encrypted passwords had been stolen from its servers; or with the comedy of errors at Yahoo, which took years to even notice two gargantuan thefts of data that together impacted 3.5 billion users.

Let's hope MyHeritage's practices set a template for the handling of future data breaches.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.