/

What happened in the Ancestry data breach?

What happened in the Ancestry data breach?

Twingate Team

Feb 22, 2024

In December 2017, Ancestry encountered a significant security breach within its subsidiary, RootsWeb, impacting thousands of users. This incident came to light after a security researcher discovered and reported a publicly accessible file on a RootsWeb server.

How many accounts were compromised?

The breach impacted approximately 297,000 email and password combinations.

What type of data was leaked?

The leaked data included email addresses and passwords. Notably, RootsWeb does not host sensitive information such as credit card numbers or social security numbers.

How was Ancestry hacked?

The breach occurred due to a file containing user data being publicly exposed on a RootsWeb server. Ancestry believes the data was exposed in November 2015, and it resided on RootsWeb’s infrastructure, separate from Ancestry.com’s main services. The exact cause of how and why the data was insecurely stored on the server was not specified.

Ancestry’s solution

Following the discovery of the breach, Ancestry temporarily took RootsWeb offline to implement new security measures. Affected users had their accounts locked and were required to create a new password upon their next login.

How do I know if I was affected?

Ancestry notified users whose data was exposed in the breach. Concered users can verify whether their data has been affected by consulting HaveIBeenPwned, a platforma that monitors data breaches and can notify users if their information has been disclosed in recognized data leaks.

What should affected users do?

If you suspect your RootsWeb account was compromised in the Ancestry.com data breach, you should take the following steps:

  1. Change Your RootsWeb Password: Immediately update your password to a strong, unique one that you do not use for any other account.

  2. Monitor Your Email Account: Given that email addresses were exposed, keep a close eye on your email account for unusual activities or unauthorized access.

  3. Be Alert for Phishing Attempts: Watch out for suspicious emails or communications that purport to be from RootsWeb or Ancestry.com, especially those that ask for personal information.

  4. Review Account Security Settings: Check your account settings on RootsWeb and other related Ancestry.com services to ensure no changes have been made without your permission.

For additional support or to report suspicious activity, you can contact Ancestry support.

Where can I go to learn more?

For more information on the Ancestry data breach and recommendations for data protection, you can refer to the following resources:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

What happened in the Ancestry data breach?

What happened in the Ancestry data breach?

Twingate Team

Feb 22, 2024

In December 2017, Ancestry encountered a significant security breach within its subsidiary, RootsWeb, impacting thousands of users. This incident came to light after a security researcher discovered and reported a publicly accessible file on a RootsWeb server.

How many accounts were compromised?

The breach impacted approximately 297,000 email and password combinations.

What type of data was leaked?

The leaked data included email addresses and passwords. Notably, RootsWeb does not host sensitive information such as credit card numbers or social security numbers.

How was Ancestry hacked?

The breach occurred due to a file containing user data being publicly exposed on a RootsWeb server. Ancestry believes the data was exposed in November 2015, and it resided on RootsWeb’s infrastructure, separate from Ancestry.com’s main services. The exact cause of how and why the data was insecurely stored on the server was not specified.

Ancestry’s solution

Following the discovery of the breach, Ancestry temporarily took RootsWeb offline to implement new security measures. Affected users had their accounts locked and were required to create a new password upon their next login.

How do I know if I was affected?

Ancestry notified users whose data was exposed in the breach. Concered users can verify whether their data has been affected by consulting HaveIBeenPwned, a platforma that monitors data breaches and can notify users if their information has been disclosed in recognized data leaks.

What should affected users do?

If you suspect your RootsWeb account was compromised in the Ancestry.com data breach, you should take the following steps:

  1. Change Your RootsWeb Password: Immediately update your password to a strong, unique one that you do not use for any other account.

  2. Monitor Your Email Account: Given that email addresses were exposed, keep a close eye on your email account for unusual activities or unauthorized access.

  3. Be Alert for Phishing Attempts: Watch out for suspicious emails or communications that purport to be from RootsWeb or Ancestry.com, especially those that ask for personal information.

  4. Review Account Security Settings: Check your account settings on RootsWeb and other related Ancestry.com services to ensure no changes have been made without your permission.

For additional support or to report suspicious activity, you can contact Ancestry support.

Where can I go to learn more?

For more information on the Ancestry data breach and recommendations for data protection, you can refer to the following resources:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

What happened in the Ancestry data breach?

Twingate Team

Feb 22, 2024

In December 2017, Ancestry encountered a significant security breach within its subsidiary, RootsWeb, impacting thousands of users. This incident came to light after a security researcher discovered and reported a publicly accessible file on a RootsWeb server.

How many accounts were compromised?

The breach impacted approximately 297,000 email and password combinations.

What type of data was leaked?

The leaked data included email addresses and passwords. Notably, RootsWeb does not host sensitive information such as credit card numbers or social security numbers.

How was Ancestry hacked?

The breach occurred due to a file containing user data being publicly exposed on a RootsWeb server. Ancestry believes the data was exposed in November 2015, and it resided on RootsWeb’s infrastructure, separate from Ancestry.com’s main services. The exact cause of how and why the data was insecurely stored on the server was not specified.

Ancestry’s solution

Following the discovery of the breach, Ancestry temporarily took RootsWeb offline to implement new security measures. Affected users had their accounts locked and were required to create a new password upon their next login.

How do I know if I was affected?

Ancestry notified users whose data was exposed in the breach. Concered users can verify whether their data has been affected by consulting HaveIBeenPwned, a platforma that monitors data breaches and can notify users if their information has been disclosed in recognized data leaks.

What should affected users do?

If you suspect your RootsWeb account was compromised in the Ancestry.com data breach, you should take the following steps:

  1. Change Your RootsWeb Password: Immediately update your password to a strong, unique one that you do not use for any other account.

  2. Monitor Your Email Account: Given that email addresses were exposed, keep a close eye on your email account for unusual activities or unauthorized access.

  3. Be Alert for Phishing Attempts: Watch out for suspicious emails or communications that purport to be from RootsWeb or Ancestry.com, especially those that ask for personal information.

  4. Review Account Security Settings: Check your account settings on RootsWeb and other related Ancestry.com services to ensure no changes have been made without your permission.

For additional support or to report suspicious activity, you can contact Ancestry support.

Where can I go to learn more?

For more information on the Ancestry data breach and recommendations for data protection, you can refer to the following resources: