On Monday, the genealogy and DNA testing site, MyHeritage, disclosed a data breach involving 92 million user accounts.
What Happened at MyHeritage
The breach was uncovered by a security researcher who found the file of email addresses and hashed passwords on a server outside of the MyHeritage databases. The researcher shared the file with MyHeritage yesterday, and the company confirmed that the credentials found in the file belonged to MyHeritage users.
While it’s not impossible for a hacker to crack a hashed password, MyHeritage currently believes that no user accounts have been compromised as a result of this breach. The company posted a detailed blog post on the incident, including what happened, what they’re doing to resolve the issue, and what steps MyHeritage users should take now. In addition, they’re taking steps to roll out multi-factor authentication (MFA) to all MyHeritage users to add a layer of protection beyond the password itself.
Protecting Against Potential Attacks
Unfortunately, this incident is an unwelcome reminder that data breaches can happen at any time, to any company. You never know when your account or personal information might be at risk, which is why we always recommend you take your online security seriously. Create secure passwords, never reuse them, enable MFA where you can, and of course, get yourself set up with a password manager, like LastPass. These are simple steps that don’t take a great deal of time and will likely prevent headaches and data loss in the event of a data breach.
Here are the three most important steps you can take to start bolstering your online security:
Create strong passwords.
Strong passwords are the foundation of your online life – you want them to be long, complex, and unique. A password that combines all of those characteristics is likely very strong. The length of a password is arguably the most important indicator of its strength. The longer the password is, the harder it becomes to crack with a brute-force attack, because it simply takes a computer longer to guess it correctly. With a password manager like LastPass, you can automatically generate strong passwords right from your browser, and each one is then stored in your LastPass vault for the next time you need it.
Change reused passwords.
If you have a MyHeritage account and reused that password for other accounts, those could be at risk. You should always create unique passwords for every account. If you need help identifying which accounts have reused passwords, take the security challenge linked in your LastPass vault to identify weak, reused, old, and compromised passwords. This will also help you quickly replace them with new, strong passwords for each account.
Turn on multi-factor authentication.
Multi-factor authentication (MFA) adds an additional layer of security by requiring another piece of information before access is granted. It is key to add multi-factor authentication to any service that supports it, whether an internal system or third-party app. This strengthens your defenses, so that an attacker will be stopped even if they get a hold of your password in a breach such as the one MyHeritage experienced.
So, if you’ve ever created a MyHeritage account or are guilty of reusing the same weak password – start putting these steps into action and you’ll be glad you did!
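
The reuse check described under "Change reused passwords", as an added example (not part of the original post and not LastPass's own code): it groups vault entries by a keyed fingerprint of each password and lists the accounts that share the MyHeritage password. The site names, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault entries (site, password); not real credentials.
SAMPLE_VAULT = [
    ("myheritage.com", "Family-Tree-2017"),
    ("mail.example", "Family-Tree-2017"),
    ("bank.example", "x7#Lq9!vTz2&pRm4Wd"),
    ("shop.example", "Family-Tree-2017"),
    ("forum.example", "hunter2"),
    ("photos.example", "hunter2"),
]


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest used only to group equal passwords during the audit."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def reuse_groups(vault):
    """Return sorted lists of sites that share one password (two or more each)."""
    key = secrets.token_bytes(32)  # per-run key, so fingerprints mean nothing later
    groups = defaultdict(list)
    for site, password in vault:
        groups[fingerprint(password, key)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_by_breach(vault, breached_site):
    """Other sites using the breached site's password; these need new passwords."""
    for sites in reuse_groups(vault):
        if breached_site in sites:
            return [s for s in sites if s != breached_site]
    return []


if __name__ == "__main__":
    for sites in reuse_groups(SAMPLE_VAULT):
        print("shared password:", ", ".join(sites))
    print("change after breach:", exposed_by_breach(SAMPLE_VAULT, "myheritage.com"))
```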