The MyHeritage data breach was a massive wake-up call about the dangers of providing personal and sensitive data to companies, with some 92m users affected by the breach.
Because people can provide companies like MyHeritage with DNA information, which is used together with personal and sensitive information and a wealth of data about family histories, the massive MyHeritage data breach is a monumental wake-up call.
The family networking and genealogy site discovered the data breach last month; the breach itself reportedly took place in October last year.
MyHeritage data breach is monumental
The MyHeritage data breach was confirmed in a blog post by the company, detailing the information surrounding the incident. They said that they were contacted by a security researcher who had found a file named ‘myheritage’ on a private server external to the MyHeritage company.
The data breach reportedly included the email addresses and hashed passwords of 92,283,889 users.
Although it’s understood that the data breached in this incident is limited only to email addresses and hashed passwords, it cannot be ignored that this company holds very personal and sensitive data, including DNA information, which could cause some serious damage in the hands of fraudsters and criminals.
Another longstanding vulnerability case?
The MyHeritage data breach may be yet another case of data being left vulnerable for a considerable period of time. Given that the breach occurred last October but was only discovered last month, in June, eight months after the breach, we have to question how it went unnoticed for such a long period of time.
Although this is very concerning, it’s not uncommon. The recent Ticketmaster data breach that we’re representing victims for, where data was left vulnerable for several months before it was identified, is one other example, as is the Equifax data breach we’re helping people claim for as well.
The recent news of the Dixons Carphone data breach also fell within this category, where news of the breach took almost a year to break.
This is not good enough at all in my view. Organisations must have effective systems in place to identify data breaches as soon as possible. The longer an issue is left, the more vulnerable victims can be.