300,000 Users Exposed In Ancestry.com Data Leak (threatpost.com)
Date: 2017-12-29
Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.
Because transparency.
When you were taught logical fallacies, I think you may have been mistaken in imagining that they were good things.
Why would anyone design a system that actually stores the password? You hash the password, destroy the password, then move on.
Maybe it is too hard to write a hash because there are none available in libraries.....oh
....never mind.
The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers.
Yeah, nothing sensitive and unchangeable such as a giant database of everyone's mother's maiden name, which is never ever used to "protect" access to credit card data.
I signed up ages ago with a unique email address in 2007 only used to sign up for their service with all partner offers and marketing choices if there were any set to no. Format of user-randomstring@domain.com
I started getting spam to their unique tag years ago so they lost data before. I may have kept a sample of the first spam but I think it was in 2008-2009 timeframe.
I'm sure they can easily change that.
Mwa-ha-ha-haaaa !
Just kidding (for now) . . .
It is inevitable that genetic databases will be used by desperate rich people needing transplants.
I was thinking about sending in my sample anonymously . . .
;(
Then, I realized that I would be easily identified from my family who had sent in samples.
Don't forget law enforcement. Even if they couldn't use DNA evidence directly, if a match comes up, you can use parallel construction so you know exactly who you want to go after. They would love as many DNA samples as they can get.