What Happened
In October 2017, genealogy platform MyHeritage suffered a data breach on October 26, when unauthorized access exposed a file containing email addresses and salted SHA-1 hashed passwords of 92,283,889 users who had signed up through that date. The breach was discovered and reported to the company seven months later on June 4, 2018, by a security researcher who found the file on an external private server, with no evidence of compromise to other systems like DNA data, family trees, or payment information. MyHeritage responded swiftly by publicly announcing the incident within hours, expiring all user passwords to force resets (including for post-breach accounts), notifying authorities under GDPR, establishing 24/7 support, and accelerating two-factor authentication rollout, though the exact intrusion method remained undisclosed. The data later surfaced for sale on dark web markets in 2019.
