ONCE MORE OUT OF THE BREACH: 92 million MyHeritage users had their data quietly swiped. “Company learned of the attack when a security researcher sent a data file.”

Email addresses and hashed passwords of more than 92 million MyHeritage users were exposed in a cybersecurity breach on October 26, 2017, the popular genealogy company reported Monday, June 4, 2018.

MyHeritage said that it only learned of the breach earlier that day—more than seven months after the fact—when an unidentified “security researcher” sent the company’s chief information security officer a message. The researcher said they had found a file containing users’ data on a private server and passed a copy of the file along.

MyHeritage, which allows users to set up family trees and probe their DNA for clues about their ancestry, promptly reported the breach in a blog post.

But:

So far, MyHeritage is optimistic that the breach’s damage was limited. The company said that it seems as though email addresses were the only data affected and no evidence suggests that the data was used for any nefarious purpose. It also noted that it doesn’t store credit card information, relying on third-party billing companies. And other sensitive information, such as DNA data and family trees, are stored separately from email addresses and have extra layers of security.

That’s a relief.