Genealogy site MyHeritage hacked – exposing 92 million users’ passwords, emails and genetic secrets
- On Monday afternoon, the popular heritage site revealed it had been hacked
- The breach occurred back in October 2017 – less than two weeks before MyHeritage launched its DNA testing service
- Now, millions of users’ emails and disguised passwords have been leaked, but not used, the company says
- It claims that DNA information is stored separately, securely and is unaffected
- Research has shown that ‘de-identified’ genetic information can be re-matched with its owners
- The news comes just over a month after DNA from genealogy sites allowed police to catch the Golden State Killer
The genealogy site MyHeritage has been hacked, exposing the emails and disguised passwords of its 92 million users and raising questions about the security of its DNA databases.
MyHeritage DNA, the genetic arm of the popular online site, allows users to build family trees based on who those with whom they share DNA.
The company released a statement on Monday afternoon asserting that it had ‘no reason to believe’ that this data had been exposed.
Amid recent revelations about the accessibility of private information – including the infamous Cambridge Analytica leak and the use of genealogy data to track down the Golden State Killer – the leak is cause for worry over the safety of health information stored in online databases.
Genealogy website MyHeritage announced Monday that a data breach exposed the emails and disguised passwords of 92 million users, raising concerns over the safety of its DNA databases
The ease with which a person in the modern world can connect with a distant blood relative, or find out they carry a genetic disorder, is nothing short of remarkable.
Place an online order, await a mailed kit, swab your cheek, seal it in an envelope, send it back, wait a few weeks and, suddenly, you will have many of your DNA’s secrets unlocked, in your hands.
But the question is how easily could someone else wind up with your genetic secrets in their hands, too?
MyHeritage’s statement claims that this would be very challenging, assuring users that, unlike their email addresses and passwords, the genetic data the company collects is hidden away behind ‘added layers of security.’
Has YOUR genome already been hacked? Expert warns…
Mail-order cancer tests deliver false positives 40% of the…
Share this article
Yet the site was unaware that 92 million people’s user information was compromised until an unaffiliated researcher found a file named after the site sitting on a private server.
Hackers accessed data on every single user that had joined the site since October 26 2017 – the day that the system was breached.
Interestingly, the company launched its DNA testing service less than two weeks after its user information system was accessed illicitly.
But, ‘other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses,’ the site’s statement says.
In medical settings, DNA and health data are strictly protected under HIPPA laws.
But, as was seen in the case of the Golden State Killer, protections surrounding information stored on genealogy websites is more quickly accessible.
Now, the National Institutes of Health (NIH) has proposed to create its own DNA database, intended to help researchers there work out why illnesses strike the people they do, and not others.
Joseph DeAngelo (left), the man suspected of being the Golden State Killer (sketch, right), was arrested last Tuesday, after investigators used a DNA ancestry website to identify him
Like for-profit companies such as 23andMe and MyAncestry, the government says it will detach identifying information from the DNA it collects in order to protect the privacy of those who submit.
In order for the information it gathers to be useful, however, a certain threshold of users will have to sign up.
But the more people send in their DNA samples, the more easily identifiable they will become.
In a 2013 study, researchers at Harvard University and Massachusetts Institute of Technology (MIT) showed that even genetic information that had been stripped of ‘identifying’ portions could be re-matched to their owners.
This was because segments of DNA that matched aligned with relatives and could be traced back to shared last names.
Ethicists and consumers alike have worried that the divulgence of genetic information could lead to discrimination in healthcare and beyond.
MyHeritage reassures its users that they are taking steps to further protect their information – genetic and otherwise.
These steps include an investigation and an added, optional authentication-factor in which users would confirm their identities via cell phone, which MyHeritage promises to roll out ‘soon.’
For its users, it suggests changing their passwords, which are purportedly stored separately from their genetic information.
Source: Read Full Article