When you think of personal security questions, you might think of your mother’s surname or other family information that normally isn’t shared — unless you are building your family tree with an online genealogy search. When Ancestry.com notifies its users of a potential security breach it sounds worse than most.
According to Ancestry.com’s blog post detailing the incident, the security team reviewed the file identified by Hunt, and determined that it does contain login details for 300,000 accounts although they describe, “the majority of the information was old.” They continued their investigation and determined that of the 300,000 accounts, 55,000 had been reused by users on both the RootsWeb and Ancestry websites. Most of the 55,000 were “from free trial, or currently unused accounts,” but 7,000 login credentials were in use by active Ancestry.com users. Ancestry.com supports millions of users so this breach represents less than 1% of their users, however, they still took the potential impacts seriously and acted accordingly.
The internal investigation points to the RootsWeb surname list information service which Ancestry.com retired earlier this year. “We believe the intrusion was limited to the RootsWeb surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up, an issue we are working to rectify”, according to the blog post by Ancestry.com CISO, Tony Blackman.
He continued with, “We have no reason to believe that any Ancestry systems were compromised. Further, we have not seen any activity indicating the compromise of any individual Ancestry accounts.” According to Ancestry, the RootsWeb servers do not host any credit card or social insurance numbers so the potential impact of this breach appears to be minimized.
The RootsWeb website is currently offline while the Ancestry teams complete their investigation, make the appropriate configuration changes and “ensure all data is saved and preserved to the best of [their] ability.”
In addition, the Ancestry has locked the 55,000 accounts found in the exposed file, requiring users to change their passwords the next time they attempt to log on. They sent emails to all 55,000 email addresses advising them of the incident and recommended actions, and commit to “working with regulators and law enforcement where appropriate.”
To summarize, the Ancestry.com security team responded quickly when notified of a potential breach, determined the potential scope and impact, took swift action to minimize damages, notified impacted users, clearly and publicly described the event. Troy Hunt’s tweet describes it best, “Another data breach from years ago, this time from @Ancestry’s services. Really impressed with the way they handled this: I got in touch with them bang on 72 hours ago and they’ve handled it in an exemplary fashion.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Ancestry.com, data breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.