Wednesday, August 15, 2018

MyHeritage breach: Those are my credentials!




The attackers are consistently looking for a business’ crown jewels to exfiltrate. Data, in general, tend to be the target with these attacks. Once secured, the attackers may sell, or use this for their own advantage. Of particular interest in the last few years has been a person’s DNA and family history.

This service has grown in use as people may not know their family history. They want to gain a greater grasp of their heritage. The DNA test is a tool to gain a portion of this information.

Target
There are a number of services to get this data for the consumer. One of these is MyHeritage, a web-based genealogy and DNA testing service. As the tenants send in the DNA samples, and these are processed, the business keeps the data on their servers. The attack targeted their business user’s login credentials and used this for the various malicious ends.

Attacks
The system where the data was held was compromised on October 26, 2017. The attackers were able to exfiltrate email addresses and hashed passwords. These were held on a private server, not under the company’s control. There were over 92M affected users. Fortunately, the DNA report results were stored on a different system. This other system had more defences in place. The business had not detected how this was done.

Post-Attack 
The business did not know the attack’s method or the business had been compromised. The business was notified by a non-associated security researcher. The third party researcher noted they detected a file was located on a private server. There had been no evidence yet the data itself had been used for malicious purposes. After the attack, in an attempt to increase the defence, TFA (two-factor analysis) was implemented at a quicker pace.

Resources
Afifi-Sabet, K. (2018, June 6). MyHeritage suffers massive data leak affecting 92M users. Retrieved from http://www.itpro.co.uk/data-breaches/31254/myheritage-suffers-massive-data-leak-affecting-92m-users

Chalfant, M. (2018, June 5). Genealogy platform says hackers stole data on 92M users. Retrieved from http://thehill.com/policy/cybersecurity/390799-genealogy-platform-says-hackers-stole-data-on-92m-users

Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)