Ancestry.com has investigated a leak that publicly exposed 300,000 passwords, email addresses and usernames via a leaky RootsWeb server.
The Chief Information Security Officer at Ancestry, Tony Blackham, said in a statement that a security researcher had contacted the company last Wednesday indicating he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server.
RootsWeb is a free community-driven collection of tools used to host and share genealogical information.
The company further confirmed that 55,000 of the leaked accounts were used on one of the Ancestry sites, but was mainly older unused or free trial accounts. Additionally, 7,000 of the password/email combinations matched credentials used by active Ancestry customers.
According to a Threatpost report, Ancestry believes the data was leaked as far back as November 2015. The data was hosted on RootsWeb’s infrastructure and was not directly linked to Ancestry.com’s website and services.
No credit card or social security numbers were impacted by the data leak.