Hackers obtained the email addresses and hashed passwords of more than 92 million users of a genealogy and DNA testing site last October, according to a company blog post. MyHeritage officials say they learned of the breach after a security researcher informed them Monday afternoon that he had found the file on a private server. As a result of the breach, hackers obtained the email addresses of everyone who signed up for the service before Oct. 26, 2017—but the company took care to note that user passwords remained safe. “MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer,” the post said. “This means that anyone gaining access to the hashed passwords does not have the actual passwords.” The company said it believes the intrusion “is limited to the user email addresses.” MyHeritage plans to add two-factor identification, as well as other protective measures, in the near future.
