Deutsch nonetheless recommended that all registered MyHeritage users change their passwords. Security researchers discovered earlier this week that over 92 million account details of MyHeritage customers were sitting on a private server outside of the company.
The genetic analysis and family tree website MyHeritage was breached a year ago by unknown actors, who exfiltrated the emails and hashed passwords of all 92 million registered users of the site.
In a statement issued late Monday afternoon, MyHeritage said there was "no reason to believe" that data other than email addresses and hashed passwords had been accessed without authorization. The company said it does not have evidence that any information was actually used by those responsible for the breach. But the stolen data contains information on customers up to October 26, the date the breach occurred, MyHeritage said in a blog post.
MyHeritage said that the hashing is "one-way", meaning that it is nearly impossible to turn the hashed password back into the original. "This means that anyone gaining access to the hashed passwords does not have the actual passwords", MyHeritage assured.
As consumer DNA testing has grown into a $99 million industry, questions about the security of users' intimate data have increased as well. The Israeli company offers customers a detailed breakdown of their ethnic origins and family tree based on their DNA testing results. "Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised". Other sensitive information, such as DNA data and family trees, is stored separately from email addresses and has extra layers of security.
But the more people send in their DNA samples, the more easily identifiable they will become.
Nevertheless, the mysterious hacker behind the breach had about seven months to exploit the stolen data before MyHeritage noticed.
The company said it immediately launched an internal company investigation after learning of the possible intrusion, and has also hired a cybersecurity firm to conduct forensic analysis to determine the scope of the breach.
Deutsch also said that MyHeritage would be "expediting" its development of a two-factor authentication (2FA) option. Still, DNA sites could be promising for the future of medicine.