MyHeritage Genealogy Site Announces Mega Breach Affecting 92 Million Accounts
According to BleepingComputer.com, family genealogy and DNA testing site MyHeritage announced on Monday a security breach in which an attacker made off with account details for over 92 million MyHeritage users.
Industry experts have expressed a view that the site did not have robust password policies. For example, according to Anthony James, CMO of CipherCloud, a leading provider of cloud security solutions, “The bad news is, for sure, that 92 million MyHeritage user accounts were compromised. The attackers obtained emails and hashed passwords. Don’t believe for a second that a hashed password is safe. When a user normally logs in, the password submitted is run through the hash function and then the result is compared with the hashed password stored for that user.
Hashed passwords are absolutely not safe if stolen – these hashed passwords are still highly vulnerable to a dictionary attack, where the attacker runs a hash function against the top 100,000 most popular passwords and computes the hash function against all of them. Then all they need do is compare these calculated values to the list stolen from MyHeritage. So, NO, a smart cyberattacker could be working diligently, even now, to map the hashed values to real passwords and break the accounts.
The moral of the story? Protecting customer data is more important than ever. New best practices such as the use of Zero Trust end-to-end encryption and 2-factor authentication are required for data and threat protection as well as the barrage of new compliance regulations.”
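The login check described in the quote above, as an added example (not code from MyHeritage, CipherCloud or the original article): it contrasts a single fast, unsalted hash with a per-user salted, deliberately slow derivation. The function names, the sample accounts and the PBKDF2 iteration count are assumptions made for illustration; the page does not say which hashing scheme MyHeritage used.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def fast_unsalted(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Same password gives the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def enroll(password: str) -> dict:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(record: dict, submitted: str) -> bool:
    """Login check: re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", submitted.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def shared_digest_groups(table: dict) -> list:
    """Audit helper: groups of accounts whose stored digests are identical."""
    by_digest = {}
    for user, digest in table.items():
        by_digest.setdefault(digest, []).append(user)
    return sorted(sorted(users) for users in by_digest.values() if len(users) > 1)


# Constructed sample accounts (not data from the breach).
SAMPLE = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv-long-unique"}

if __name__ == "__main__":
    weak = {u: fast_unsalted(p) for u, p in SAMPLE.items()}
    strong = {u: enroll(p) for u, p in SAMPLE.items()}
    # Unsalted: alice and bob collide, so one precomputed value covers both accounts.
    print("unsalted duplicates:", shared_digest_groups(weak))
    # Salted: no collisions, so every account has to be worked on separately and slowly.
    print("salted duplicates:", shared_digest_groups({u: r["hash"] for u, r in strong.items()}))
    print("alice login ok:", verify(strong["alice"], "sunshine1"))
```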