Hey, those are my credentials!: MyHeritage Compromise

Attackers are consistently looking for the crown jewels of a business to exfiltrate. Generally, data tends to be the prime target with these attacks. Once secured, the attackers may sell, trade, or use this information for their own advantage. In the last few years those with malicious intent have been particularly interested in obtaining data related to a person’s DNA and family history.

Services such as MyHeritage, Ancestry, and 23andMe offer a glimpse into an individual’s family history and are growing in popularity. Subscribers to these services want to gain a greater grasp of their heritage. The DNA test is a tool to gain a portion of this information.

Target

There are a number of services to get this data for the consumer. One of these is MyHeritage, a web-based genealogy and DNA testing service. As the tenants send in the DNA samples, and these are processed, the business keeps the data on their servers. The attack targeted their business user’s login credentials, and used this for the various malicious ends.

Attacks

The system where the data was held was compromised on October 26, 2017. The attackers were able to exfiltrate email addresses and hashed passwords. These were held on a private server not under the company’s control. There were over 92M affected users. Fortunately, the DNA report results were stored on a different system. This other system had more defenses in place. The business had not detected how this was done.

Post-Attack

The business did not know the attack’s method or the business had been compromised. The business was notified by a non-associated security researcher. The third party researcher noted they detected a file was located on a private server. There had been no evidence yet the data itself had been used for malicious purposes. After the attack, in an attempt to increase the defense, TFA (two-factor analysis) was implemented at a quicker pace.

Resources

Afifi-Sabet, K. (2018, June 6). MyHeritage suffers massive data leak affecting 92M users. Retrieved from http://www.itpro.co.uk/data-breaches/31254/myheritage-suffers-massive-data-leak-affecting-92m-users

Chalfant, M. (2018, June 5). Genealogy platform says hackers stole data on 92M users. Retrieved from http://thehill.com/policy/cybersecurity/390799-genealogy-platform-says-hackers-stole-data-on-92m-users

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Medical Devices

Cybersecurity and Linux SSH Servers

Cybersecurity and the Auto Industry

Cybersecurity and the Energy Sector

Cybersecurity and Costs

Cybersecurity and Electronic Health Records

Cybersecurity and IoMT

Cybersecurity and Obscurity

Cybersecurity and New Devices and Old Problems

Cybersecurity and the Diversity of Data

No tags yet.

Hey, those are my credentials!: MyHeritage Compromise

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us