Curiosity About Your Heritage May Have Made You A Breach Victim Too

January 26, 2018

Some of us may be curious about our heritage. After all, it can be very interesting. In fact, interesting enough that television series’ have been created around finding ancestors. So, those curious cats out there that use Ancestry.com to look up your family history may be not so happy to find out that a site used by Ancestry.com left information of 300,000 users exposed and unsecured.

After investigation, it was determined that of the 300,000 left open on a RootsWeb server accounts (which is a site with free genealogy tools and discussion forums), only 55,000 contained information that was reused on Ancestry.com. Of those, 7,000 were still active.

Those with active accounts will be required to reset passwords upon next login, according to communication from RootsWeb. However, it’s important to pay attention if you are one of the remaining 293,000 users. That’s because although the login credentials may not have been reused on Ancestry.com, they may have been used on other websites. It’s recommended that anyone with an account on RootsWeb or Ancestry change their passwords. When doing so, make sure to use strong ones. That means, at least eight characters (the longer, the better), have upper and lower-case letters, as well as numbers and special characters. Avoid using dictionary words and identifying information too. Remember to make all passwords unique to each website you use. Although this is a bit cumbersome with all the accounts we have these days, it’s really important to do it. This will limit your risk of having a stolen password reused on other sites, should it get stolen. This is a real risk and has been blamed for many data breaches.

Also, be sure to change any password and username combinations of any sites where those same credentials were used.

The exposed data in this case was found by security researcher Troy Hunt, who notified the company before publicizing it. To Ancestry’s credit, they took action to mitigate within 72 hours.

© Copyright 2018 Stickley on Security