Hey, those are my credentials!: MyHeritage Compromise
Attackers consistently look for a business's crown jewels to exfiltrate, and data tends to be the prime target. Once they have it, the attackers may sell, trade, or use the information for their own advantage. In the last few years, those with malicious intent have been particularly interested in obtaining data related to a person’s DNA and family history.
Services such as MyHeritage, Ancestry, and 23andMe offer a glimpse into an individual’s family history and are growing in popularity. Subscribers to these services want to gain a greater grasp of their heritage. The DNA test is a tool to gain a portion of this information.
A number of services provide this data to the consumer. One of these is MyHeritage, a web-based genealogy and DNA testing service. As customers send in their DNA samples and these are processed, the business keeps the data on its servers. The attack targeted the login credentials of the business's users, to be used for various malicious ends.
The system where the data was held was compromised on October 26, 2017. The attackers were able to exfiltrate email addresses and hashed passwords. The stolen data was held on a private server not under the company’s control. Over 92M users were affected. Fortunately, the DNA report results were stored on a different system, which had more defenses in place. The business had not detected how the compromise was carried out.
The business did not know the attack’s method, or even that it had been compromised. It was notified by an unaffiliated security researcher, who reported finding a file located on a private server. There was as yet no evidence that the data itself had been used for malicious purposes. After the attack, in an attempt to strengthen its defenses, the business implemented TFA (two-factor authentication) at a quicker pace.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.