MyHeritage Ltd.

On October 26, 2017, MyHeritage Ltd., a genealogy and DNA testing company, suffered a significant data breach exposing the email addresses and hashed passwords of approximately 92,283,889 users. The incident was discovered in June 2018 when a security researcher found a file named *myheritage.com* on a private server outside the company’s infrastructure. While the breach involved a massive volume of user credentials, MyHeritage clarified that no highly sensitive personal data such as DNA records, payment information, or other personally identifiable information (PII) was compromised. The company responded by notifying affected users, enforcing password resets, and implementing additional security measures, including two-factor authentication (2FA). The breach highlighted vulnerabilities in third-party storage practices and underscored the risks of credential exposure, even when data is hashed. Although no direct financial or identity theft consequences were reported, the scale of the breach posed reputational risks and raised concerns about potential downstream attacks, such as credential stuffing or phishing campaigns targeting users with reused passwords.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-137155

TPRM report: https://www.rankiteo.com/company/geni-com

"id": "gen950091725",
"linkid": "geni-com",
"type": "Breach",
"date": "10/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '92,283,889',
                        'industry': 'Genealogy / Consumer DNA Testing',
                        'location': 'Israel (HQ), Global Operations',
                        'name': 'MyHeritage Ltd.',
                        'type': 'Company'}],
 'data_breach': {'data_encryption': 'Hashed (passwords)',
                 'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '92,283,889',
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'Low (no sensitive personal data '
                                        'accessed)',
                 'type_of_data_compromised': ['email addresses',
                                              'hashed passwords']},
 'date_detected': '2017-10-26',
 'date_publicly_disclosed': '2018-06-15',
 'description': 'The California Office of the Attorney General reported that '
                'MyHeritage Ltd. experienced a data breach on October 26, '
                '2017, affecting approximately 92,283,889 users. The breach '
                'involved email addresses and hashed passwords; however, no '
                'sensitive personal data was believed to be accessed.',
 'impact': {'data_compromised': ['email addresses', 'hashed passwords']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'title': 'MyHeritage Data Breach (2017)',
 'type': 'Data Breach'}

MyHeritage Ltd.

Pass’Sport: Have I Been Pwned’s Post

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim