July 9, 2020

Volume X, Number 191

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

Not So Happy Families: Online Genealogy website Suffers Data Breach

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

MyHeritage stated there was no evidence the data in the file had been used by the perpetrators. It claimed that it does not store user passwords, but a “one-way hash” of each password, which means that whoever accessed the data did not have access to the actual passwords. MyHeritage also offers DNA testing services, but assured users that DNA data and family trees were not affected, as they are stored on segregated systems to email addresses, and have added layers of security.

The increasing popularity of DNA and genealogy sites makes them ripe targets for cyberattacks. The sensitive nature of the information uploaded to these sites – which includes genetic data – makes leaking of user information a concerning prospect.

Ancestry platforms have seen some major developments, not only from their rising popularity, but also in how they are being used by law enforcement agencies for purposes that may not have been fully anticipated by their users (or their distant relatives). In May we blogged about how the Golden State Killer was caught using DNA matched on open genealogy website GEDmatch. It has also been reported recently that investigators are attempting to use those same methods to try and catch the notorious Zodiac Killer.

Sarah Goegan also contributed to this piece.

Copyright 2020 K & L GatesNational Law Review, Volume VIII, Number 164


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...