MyHeritage is the latest company to suffer a security breach after a researcher found a file containing email addresses and hashed passwords for more than 92 million users. The researcher alerted MyHeritage to the breach Monday. The data includes account details for users who signed up to the genealogy and DNA testing service by October 26th last year.
In a blog post, MyHeritage said the email addresses seemed to be the only tangible data the hackers accessed. The company doesn't store users' actual passwords; it transforms them into a jumble of characters, and performs the same operation when you enter your password to see if it matches the stored data.
MyHeritage uses third-party payment companies like PayPal, so it doesn't store credit card details, and family tree and DNA data are stored in separate, more secure systems from the email addresses. The company noted there's no evidence the hackers used the breached data, nor does it believe any accounts were compromised as a result of the hack.
There's an investigation into how the hack happened and MyHeritage is taking measures to avoid a repeat incident. It's also accelerating work on two-factor authentication to make logins more secure. In the meantime, it's probably worth changing your MyHeritage password, and checking you have different passwords for every service you use. If the hackers here had data of yours from a different data breach, and the email addresses and passwords are identical, they could easily access your MyHeritage account.