• by Ray Schultz , June 6, 2018

Over 92 million email addresses were exposed in a breach of the MyHeritage genealogy site.

This included the addresses and hashed passwords of people who had signed up with the firm up to October 26, 2017, the company said in a blog post on Monday.

The firm, which traces family trees through DNA, believes the intrusion is limited to the email addresses. It says there is no evidence that the data has been used by the perpetrators.

The breach was discovered by a security researcher who had found a file called myheritage on a private server outside of MyHeritage, containing the email addresses and hashed passwords. The researcher alerted the company’s information security officer.

DNA data and family tree information are stored on separate systems, and credit card information is stored with such third-party billing providers such as BlueSnap and PayPal, the firm continues. 

The firm says it is “taking the steps to inform relevant authorities as per GDPR.” It urges users to change their passwords.

It is also introducing a two-factor authentication feature, and is advising consumers to use it.