MyHeritage.com
  • Total Records92,284,194
  • Unique Emails92,101,931
  • Unique Email Providers2,580,178

MyHeritage.com Data Breach: October 2017 – What You Need to Know

In October 2017, MyHeritage.com, a popular genealogy and ancestry website, experienced a major data breach that ultimately affected more than 92 million users. The incident led to the exposure of both email addresses and hashed passwords belonging to account holders. Surprisingly, the breach went undetected for several months before eventually coming to light in June 2018, when a security researcher found the leaked information and reported it to MyHeritage. This event sent ripples through the genealogy community, raising concerns about personal account security on platforms that store sensitive family and historical data.

What information was exposed in the MyHeritage breach?

The data exposed during the MyHeritage breach included two primary pieces of information: users’ email addresses and hashed versions of their passwords. The passwords themselves were protected with a SHA-1 cryptographic hashing algorithm and were further salted for added security. No payment information, genetic data, or other sensitive details were reported as compromised in this breach.

How many users were impacted?

Based on the disclosed information, a total of 92,284,195 records were involved in the breach. This figure covers nearly all registered users on the platform as of October 26, 2017, making it one of the more extensive exposures among similar online genealogy services to date.

When and how did the breach happen?

The breach occurred on October 1, 2017. However, its existence wasn’t known until June 2018, when a security researcher came across the compromised data stored on a private server outside of MyHeritage’s control. The discovery prompted MyHeritage to investigate the root cause and inform users about the incident. The delay between the breach and its discovery exemplifies how undetected exposures can linger and underscore the importance of thorough monitoring for unusual activity.

Breach timeline

  • October 1, 2017: User data including email addresses and hashed passwords is accessed by unauthorized parties.
  • June 4, 2018: MyHeritage learns of the breach when a researcher reports finding the data.
  • June 2018: The company publicly discloses the breach, notifies users, and initiates an internal review and security improvements.

FAQ about the MyHeritage.com Data Breach

What happened during the MyHeritage.com breach?

In October 2017, unauthorized access to MyHeritage’s user database exposed over 92 million account email addresses and hashed passwords. The breach wasn’t discovered until a researcher found the exposed information in June 2018.

How many users were impacted by the MyHeritage data breach?

Over 92 million user records were compromised in the MyHeritage.com breach, accounting for most users of the service up until late October 2017.

What data was leaked in the MyHeritage.com breach?

The exposed information consisted of account email addresses and cryptographically hashed passwords. Payment details and genetic data were not included in the breach.

How can I check if I'm in the MyHeritage.com breach?

You can check if your information was part of the MyHeritage.com breach by utilizing the DeHashed search engine.