
MyHeritage, a DNA Testing and Ancestry Service, Announces Data Breach of Over 92 Million Account Details (vice.com)

Joseph Cox, reporting for Motherboard: Unfortunately for customers of MyHeritage, a genealogy and DNA testing service, a researcher uncovered 92 million account details related to the company sitting on a server, according to an announcement from MyHeritage. The data relates to users who signed up to MyHeritage up to and including October 26, 2017 -- the date of the breach -- the announcement adds. Users of the Israeli-based company can create family trees and search through historical records to try and uncover their ancestry. In January 2017, Israeli media reported the company has some 35 million family trees on its website. In all, the breach impacted 92,283,889 users, according to MyHeritage's disclosure.
  • With the security breach it kind of gives a whole new meaning to:

    Who's your daddy? :-/

    On a related note:

    When are we going to start fining companies that suffer a security breach?
    Until there is a financial penalty companies have very little motivation to take security seriously.

    • by TechyImmigrant ( 175943 ) on Tuesday June 05, 2018 @11:21AM (#56731482) Homepage Journal

      >Who's your daddy?

      In my family's case, it was "Who's your uncle?" and "Who's your cousin?".

      My wife's bible bashing, holier than thou grandfather was dipping his wick in many places it seems. The denial on the part of the bible bashing, holier than thou, next generation was remarkable.

      23andme uncovered these things.
       

    • With the security breach it kind of gives a whole new meaning to:

      Who's your daddy? :-/

      On a related note:

      When are we going to start fining companies that suffer a security breach?
      Until there is a financial penalty companies have very little motivation to take security seriously.

      You punish a company that doesn't take security seriously by taking your business elsewhere.

      We don't legally punish the person whose house gets broken into by a burglar for not securing their house properly. We don't legally punish Target for being the victim of shoplifting. You don't arrest rape victims for being raped (even if they wore revealing clothing and didn't learn to defend themselves with kung-fu).

      Charging the victim isn't an option.

      As a consumer, sure, you have the right to take your business

      • by Kozar_The_Malignant ( 738483 ) on Tuesday June 05, 2018 @11:34AM (#56731586)

        > We don't legally punish the person whose house gets broken into by a burglar for not securing their house properly.

        That's because I'm not generally storing my stuff in my neighbor's house. However if I loan my lawnmower to my neighbor, and it gets stolen because he left his garage door open overnight, he is generally responsible civilly for my loss.

      • Fucked up analogy.

        You're suggesting that DNA shit is something you can file for, and have the company return it back to you, in its entirety so you can give it to another business.

        Also, strangers don't have their goddam personal property or data in your unlocked house.

        Litigation is the ONLY solution to this bullshit.

        • Fucked up analogy.

          You're suggesting that DNA shit is something you can file for, and have the company return it back to you, in its entirety so you can give it to another business.

          Also, strangers don't have their goddam personal property or data in your unlocked house.

          Litigation is the ONLY solution to this bullshit.

          It's not your data. It's their data because you gave it to them. Now, I'm all for changing privacy laws to be more like European privacy laws- but you can't say you had YOUR data stolen when as it sits in the law it isn't your data- it's the web company's data.

          • ... but you can't say you had YOUR data stolen ...

            You should sign up on a site called, "Slashdot ... News For Nerds; Stuff That Matters"

            They have stories [slashdot.org] that can help you understand.

            Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules

            • You should sign up on a site called, "Slashdot ... News For Nerds; Stuff That Matters"

              They have stories [slashdot.org] that can help you understand.

              Nah... I stay away from there, that place is full of idiots. :)

              Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules

              Sure... you're welcome to try suing in a civil court if you like. 9 times out of 10 you'll probably fail. Yahoo might actually be one of those rare exceptions because it wasn't just negligence it was gross negligence. They weren't just insecure- they KNEW they were insecure and actively did nothing.

              If you think you own the data you give to companies like Facebook, and MyHeritage, etc, you're bound to be disappointed in the long run. You migh

        • >You're suggesting that DNA shit is something you can file for, and have the company return it back to you, in its entirety so you can give it to another business.

          That's exactly how it works. You can download it and give it to another business, like Promethease or Genetic Genie or Nutrahacker.

          • I'm going to go to space and change mine so it's no longer useful to them. Then I'll be able to count on one hand the seven reasons I'm never doing business with them again.

            • by slew ( 2918 )

              I'm going to go to space and change mine so it's no longer useful to them. Then I'll be able to count on one hand the seven reasons I'm never doing business with them again.

              You don't have to go that far, Chernobyl and Fukushima are both accessible w/o a rocket...

    • by SeaFox ( 739806 )

      When are we going to start fining companies that suffer a security breach?

      Just as soon as money gets out of politics.

  • ... is going to sting on this one...
  • by Anonymous Coward on Tuesday June 05, 2018 @11:26AM (#56731534)

    DNA testing results are particularly sensitive information. While these sites use the information to identify ancestry, they can also test for genetic risk factors for developing various illnesses. That information may be very useful to individuals who can make lifestyle and medical decisions to mitigate those risks. Unfortunately, that information can also be used by insurance companies to deny coverage and by potential employers to not hire people who are at higher risks to develop some medical conditions.

    There needs to be a certification process for handling sensitive data, meaning that businesses must be certified before they're legally allowed to handle information like DNA test results. That certification process should require third party audits to ensure that various standards are met. This would be followed up with random unannounced periodic checks to ensure that the business is still in compliance with those standards. Any business that is handling such data without certification should be subject to penalties at least as severe as if all the sensitive data was compromised in a breach. There need to be standards for handling sensitive data and a certification process to ensure that the data is handled properly.

  • The data that was accessed seems to be a list of email addresses with hashed and salted passwords.
  • Every gods-be-damned week, there's more of this shit happening.

    You all have exactly TEN SECONDS to justify to me why, in 2018, with this shit happening every gods-be-damned week, you'd ever sign up for any internet service that requires your real name and other personal information. Lunacy, it's all lunacy.
    • *You* may not give up this information, but someone who has all of your personal information in their contacts on their phone may.

      It's a clusterfuck.

      • No one has 'all my personal' anything on their phone, and I don't use ANY 'social media', so there's nothing anyone I know has that can leak to anyone else.
        • Well congrats you are the unicorn who knows for a 100% fact that no one in the world has any personal information about you stored on their phone or elsewhere. I figured in this day you would have to live in the forest and never make contact with anyone to achieve that goal but here you are. The rest of us have family and friends and even acquaintances who may do this unbeknownst to us. Also data mining companies pretty much have all of your information anyway from decades of public records and 'PII for

          • By the way; Slashdot is a form of social media.

            LOL maybe you basement dwelling neckbeards believe that, but since all Slashdot knows about me is a totally fake name and an email address, that really doesn't count for anything.

            Be a yellow-bellied abject fucking coward and accept the governmental and corporate erection up your ass all you like, buddy, if that's what makes you happy. Maybe they'll even give you a nice kiss afterwards, if you ask nicely for seconds. Fucking loser won't even be bothered to fight, LOL.

  • Jesus Christ. Another? What a surprise. I feel like putting all of my details out in public on my own website.

    Why? Don't go to those other guys to get my info as it might be incorrect. At least retrieve it from the authoritative source where it's supposed to be right.

    I could also host a comment section in case anyone discovers something actually IS incorrect. Hell, you're already using my data, you might as well help me correct any inadvertent errors while you're at it.

    By the way, the security PI
  • Spring Special
    50% discount on the MyHeritage Complete plan, for the next few days only!
    Learn more

    So you have a breach SIX MONTHS AGO and not only do you not tell anyone, but the day you supposedly announce it, that doesn't seem to make it to your page? Really?

  • I paid for the test only to learn I'm a mayo sandwich on white bread with the crusts cut off... I was hoping for something cool (I might be Eastern European though)
    Anyway, checked my profile, and I used my hotmail account and filled out the forms using a single letter for each field. I blame genetics for my paranoia.
  • It's getting to where I don't trust anybody with anything.
