Account data associated with 92 million users of genealogy and DNA testing service MyHeritage were leaked and found on a third party private server.
The breached customer data was discovered by a security researcher and consisted of emails and hashed passwords.
MyHeritage issued a statement on Monday regarding the cybersecurity incident:
“Today, June 4, 2018 at approximately 1pm EST, MyHeritage’s Chief Information Security Officer received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage. Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.”
The company said that users who signed up for the service before October 26, 2017 (the date of the breach) are impacted. So far, no recent activity indicated that any of the accounts were compromised as of Monday.
No other financial data to include payment card data was impacted in the breach, the company said.
This is the biggest breach since last year’s massive Equifax data breach of nearly 148M customer records.