Get in touch now on

+61 7 3480 5121

Blog
Leaky RootsWeb Server Exposes Some Ancestry.com User Data
27 December, 2017
This post was originally published on this site
http://trtpost.wpengine.netdna-cdn.com/files/2017/10/leaking_servers.png

Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet.

In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server.

“Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers,” Blackham wrote.

On Wednesday, Ancestry.com told Threatpost it believed the data was exposed on November 2015. The data resided on RootsWeb’s infrastructure, and is not linked to Ancestry.com’s site and services. Ancestry.com said RootsWeb has “millions” of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards.

The company said RootsWeb doesn’t host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server.

Another data breach from years ago, this time from one of @Ancestry‘s services. Really impressed with the way they handled this: I got in touch with them bang on 72 hours ago and they’ve handled it in an exemplary fashion https://t.co/9qo7LIUQy4

— Troy Hunt (@troyhunt) December 23, 2017

The exposure of data was first brought to Ancestry.com’s attention on Dec. 20 when Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, reported to the company the existence of the file on RootsWeb’s server.

According to

read more ...

What our
Clients say

Product Finder

Search for products that match of these criteria:

 + Add row
Price:
System Diagnostic

  • Do you have five or more computers?
  • Do you have a server?
  • Is your data critical to your business?
  • Do you think IT could perform better?
  • Are you concerned about your IT security?
  • Do you need to be kept up to date?
  • Would you like your IT maintained?
Product Finder

Search for products that match of these criteria:

 + Add row
Price:

FREE UPDATES



CONTACT US

Phone:07 3480 5121

Address: 8 - 37 Flinders Parade, North Lakes

QLD 4509 Australia

Post: PO Box 128, Burpengary

QLD 4505 Australia