Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Databases Privacy The Internet

300,000 Users Exposed In Ancestry.com Data Leak (threatpost.com) 43

Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed on November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.
This discussion has been archived. No new comments can be posted.

300,000 Users Exposed In Ancestry.com Data Leak

Comments Filter:
  • What is this, jump on the "we exposed data" bandwagon... but seriously, for Christ sake, this is over 2 years ago. It makes you look stupid, inept or nefarious for failing to report for so long.
  • by apparently ( 756613 ) on Friday December 29, 2017 @07:33PM (#55831645)

    The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers.

    Yeah, nothing sensitive and unchangeable such as a giant database of everyone's mother's maiden name, which is never ever used to "protect" access to credit card data.

  • by Que_Ball ( 44131 ) on Friday December 29, 2017 @07:37PM (#55831657)
    I'm not surprised that they lost data.  It's not even the first time.

    I signed up ages ago with a unique email address in 2007 only used to sign up for their service with all partner offers and marketing choices if there were any set to no.  Format of user-randomstring@domain.com

    I started getting spam to their unique tag years ago so they lost data before.  I may have kept a sample of the first spam but I think it was in 2008-2009 timeframe.

  • I'm sure they can easily change that.

  • Mwa-ha-ha-haaaa !
    Just kidding (for now) . . .
    It is inevitable that genetic databases will be used by desperate rich people needing transplants.

    I was thinking about sending in my sample anonymously . . .
    Then, I realized that I would be easily identified from my family who had sent in samples ;(

    • Mwa-ha-ha-haaaa ! Just kidding (for now) . . . It is inevitable that genetic databases will be used by desperate rich people needing transplants.

      I was thinking about sending in my sample anonymously . . . Then, I realized that I would be easily identified from my family who had sent in samples ;(

      Don't forget law enforcement. Even if they couldn't use DNA evidence directly, if a match comes up, you can use parallel construction so you know exactly who you want to go after. They would love as many DNA samples as they can get.

      • There's that, plus the ability to pin a crime on anyone in a (half-decent) DNA database. Why? Because scientists are getting really good at creating DNA (and what have you) from recipes (electronic encoded information).

        Just throw some DNA in the CRISPR, wait a day or two, and you have DNA evidence!

        • by AHuxley ( 892839 )
          Re "plus the ability to pin a crime on anyone in a (half-decent) DNA database."
          The other issue is that of low and mid ranking DoJ doing DNA work and the resulting random US wide federal database results.
          Say a person did something bad in the 1970's. DNA is fully recovered from a stamp, letter related to the crime in 2017.
          Put the new results of advance DNA recovery into some federal database and see if anyone related is in the US federal criminal/mil/federal DNA system.
          Get some new names and start s
      • by AHuxley ( 892839 )
        1+ for federal law enforcement needing DNA from kin without going anywhere legal near their suspect.
        Dont want to go into local small town courts, gov, look at paper records in fly over country? Mentioning names and looking for records? That town worker might gossip about the DoJ asking for paperwork on well respected locals.
        Do it digitally and get the DNA needed from one person near the suspect. No need to drive and fly out too many times to get records and risk questions by locals.
        Just one time to g
  • Perhaps a bit off topic, but the company may make some profit by selling your DNA data to health insurers. Not sure if this is true. One of the provisions of the Affordable Care Act (Obama care) is that insurers can't deny coverage due to a previous condition. Knowledge of a genetic disposition for some condition that might be expensive to treat would be useful to insurers if the ACA goes away as some members of Congress want.

Time is the most valuable thing a man can spend. -- Theophrastus

Working...