Here we go again. Another massive data leak has been confirmed, and this time it involves the most popular genealogy and family tree tracking company around.
Ancestry.com has confirmed that a server on its RootsWeb service exposed a file containing the usernames, email addresses and passwords of 300,000 registered users. RootsWeb is Ancestry.com's free collection of community-driven tools, such as user forums and mailing lists, for sharing genealogical information.
According to Troy Hunt of the data breach tracking website Have I Been Pwned, the stolen information was leaked and posted online in plain text. Hunt also believes that the breach occurred in 2015.
According to an official statement released by Ancestry.com's Chief Information Security Officer Tony Blackham, the company was informed by Hunt about the file on December 20 and has confirmed that the file does contain the login credentials of users of RootsWeb's surname list information. Yikes.
Although Ancestry's RootsWeb retired the surname list information in early 2017, the security team disclosed that 55,000 of the email/username and password combinations were used on both the RootsWeb and Ancestry.com websites, and 7,000 of those credentials belong to active Ancestry.com accounts.
During their investigation, they also discovered that other usernames on the RootsWeb server, although not in the file, may have been exposed internally too.
Blackham assures everyone that RootsWeb does not host personal information like credit card numbers or Social Security numbers, nor does it share the same infrastructure as the Ancestry.com brands and services.
He also wrote that they have no reason to believe that other Ancestry.com systems were compromised nor have they seen any activity indicating the compromise of individual Ancestry user accounts.
How did it happen?
Based on Ancestry.com's forensic investigation of the breach, they believe that someone was able to extract and create the file as "a direct result of how part of this open community was set up." They are now working to fix the issue.
To protect its users, Ancestry has locked the accounts of the 55,000 customers who used the same credentials on RootsWeb's surname list and Ancestry.com, regardless of whether the accounts are active or not. These users have been informed via email and are required to create a new password for their accounts.
Ancestry has also taken RootsWeb offline while they're working to secure the data and resolve the issue.
Basic steps after a data breach:
Don't take their word for it though. If you use Ancestry.com or any of its services, here's what you can do:
- Change your password - The first thing you need to do is change your password. Even if you are not notified by the company, you should still change it immediately. Read this article to help you create the perfect passwords.
- Check other accounts - With major data breaches like this, password reuse attacks will inevitably happen. If you are using the same passwords for multiple accounts, it is important that you review and change them now as well. If you don't know by now, it is bad practice to use the same password across different services.
- Beware of phishing - Carefully scrutinize any emails or texts claiming to be from Ancestry.com; they might just be fraudulent attempts to steal more of your personal information. Once the news of a data breach gets out, opportunistic cybercriminals try to scam unsuspecting people with phishing attacks.
- Use a password manager - You can use a third-party password manager to automatically create unique and complex passwords for you across multiple sites.