Slashdot Mirror


300,000 Users Exposed In Ancestry.com Data Leak (threatpost.com)

Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of message boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added that there are no indications the data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.

22 of 43 comments

  1. November 2015 by sdinfoserv · · Score: 1

    What is this, jump on the "we exposed data" bandwagon... but seriously, for Christ's sake, this was over 2 years ago. It makes you look stupid, inept or nefarious for failing to report for so long.

    1. Re:November 2015 by CaptainDork · · Score: 1

      Because transparency.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re: November 2015 by LifesABeach · · Score: 1

      Another data breach? This is my surprised look on my face.

    3. Re: November 2015 by CaptainDork · · Score: 1

      This is my surprised look on my face that you have a surprised look on your face. lol

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re: November 2015 by LifesABeach · · Score: 1

      It's now cheaper to get a credit check on the Dark Web than to pay Equifax.

    5. Re: November 2015 by CaptainDork · · Score: 1

      True. I keep looking at haveibeenpwned to see if I'm alive.

      My "MySpace" account got hacked.

      Bastards.

      --
      It little behooves the best of us to comment on the rest of us.
  2. Mother's maiden name? by apparently · · Score: 4, Interesting

    The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers.

    Yeah, nothing sensitive and unchangeable such as a giant database of everyone's mother's maiden name, which is never ever used to "protect" access to credit card data.

  3. Not the first time they leaked by Que_Ball · · Score: 3, Informative

    I'm not surprised that they lost data.  It's not even the first time.

    I signed up ages ago, in 2007, with a unique email address used only to sign up for their service, with all partner offers and marketing choices (if there were any) set to no. Format: user-randomstring@domain.com

    I started getting spam to their unique tag years ago so they lost data before.  I may have kept a sample of the first spam but I think it was in 2008-2009 timeframe.

  4. Its just their DNA by WillAffleckUW · · Score: 1

    I'm sure they can easily change that.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Its just their DNA by Anonymous Coward · · Score: 1

      But there were 55,000 credentials shared between the rootsweb component and the main ancestry component. Likely some of those have used the DNA service. For some reason it is pretty popular these days. For ONLY $99 bucks or so you can find out what you already knew: that you are predominantly of western european descent with a small fraction of ancestors from other areas mixed in, for example. And thus your DNA enters the commercial sector, which is largely unregulated, and when they don't keep the data secure it ends up who-knows-where. And since much of your family-members' DNA is determinable by your DNA, they can thank you for also affecting them.

  5. Now I know who to kill for my liver transplant ! by Btrot69 · · Score: 1

    Mwa-ha-ha-haaaa !
    Just kidding (for now) . . .
    It is inevitable that genetic databases will be used by desperate rich people needing transplants.

    I was thinking about sending in my sample anonymously . . .
    Then, I realized that I would be easily identified from my family who had sent in samples ;(

  6. I was thinking the same thing! by www.sorehands.com · · Score: 2

    Why would anyone design a system that actually stores the password? You hash the password, destroy the password, then move on.

    Maybe it is too hard to write a hash because there are none available in libraries.....oh ....never mind.
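
The commenter's point above, hash the password and discard the plaintext, as an added example in Python. This is not code from the thread or from RootsWeb/Ancestry; it uses the standard library's PBKDF2-HMAC-SHA256 and a self-describing record format (`algorithm$iterations$salt$hash`) that is my own assumption, not any real system's schema. A memory-hard function such as scrypt or Argon2 would be the preferred choice where a library is available; the structure (per-user random salt, tunable work factor, constant-time compare, rehash-on-login) is the same.

```python
"""Added example: salted, slow password hashing so that a leaked user table
contains no recoverable passwords. Not code from the thread or from
RootsWeb/Ancestry; the record format below is an assumption for illustration."""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000   # current work factor; raise over time as hardware speeds up
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt$hash (base64 fields).

    A fresh random salt per user means two users with the same password get
    different records, so one precomputed table cannot be reused against a
    whole dump, and the plaintext itself is never written anywhere."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse(record: str):
    """Split a record into (iterations, salt, digest); ValueError if malformed."""
    algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    # base64.b64decode raises binascii.Error, a subclass of ValueError
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(digest_b64)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor, then compare in constant
    time (hmac.compare_digest) so response timing does not leak how many
    leading bytes matched. Malformed records verify as False, never as an error
    the caller might forget to handle."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the record was made with a lower work factor than current policy.
    The only moment the plaintext is available to upgrade it is a successful
    login, so callers re-hash right after verify_password() returns True."""
    stored_iterations, _, _ = _parse(record)
    return stored_iterations < iterations


def login(stored: dict, username: str, password: str) -> bool:
    """Verify against an in-memory {username: record} table (constructed sample
    store standing in for a database) and transparently upgrade weak records."""
    record = stored.get(username)
    if record is None or not verify_password(password, record):
        return False
    if needs_rehash(record):
        stored[username] = hash_password(password)
    return True


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple", iterations=50_000)}
    print(users["alice"])          # no plaintext anywhere in the stored record
    print(login(users, "alice", "correct horse battery staple"))   # True, and upgraded
    print(users["alice"].split("$")[1])                            # now "200000"
    print(login(users, "alice", "Correct horse battery staple"))   # False
```

A caveat the thread's numbers make concrete: hashing limits the damage of a dump but does not remove it. Weak passwords in a leaked table can still be guessed offline, which is why the work factor matters, and it does nothing about the 55,000 credentials reused between RootsWeb and Ancestry, since a password guessed from one table is still valid on the other site.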

  7. Re:Now I know who to kill for my liver transplant by Ol+Olsoc · · Score: 1

    Mwa-ha-ha-haaaa ! Just kidding (for now) . . . It is inevitable that genetic databases will be used by desperate rich people needing transplants.

    I was thinking about sending in my sample anonymously . . . Then, I realized that I would be easily identified from my family who had sent in samples ;(

    Don't forget law enforcement. Even if they couldn't use DNA evidence directly, if a match comes up, you can use parallel construction so you know exactly who you want to go after. They would love as many DNA samples as they can get.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  8. Re:Go figure by Anonymous Coward · · Score: 1

    Ancestry.com is owned by Permira, a European private equity firm that bought the company several years ago. Due to its location there are obviously many members of the LDS church who work there, just as there would be many Catholics and Baptists working for just about any large corporation located in most parts of Texas. There are also many people of other faiths or no religious affiliation at all that work at the company. And none of this has anything to do with the fact that the original post was just someone being a bigot.

  9. Re:Go figure by MightyMartian · · Score: 1

    When you were taught logical fallacies, I think you may have been mistaken in imagining that they were good things.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. Re:Now I know who to kill for my liver transplant by DivineKnight · · Score: 1

    There's that, plus the ability to pin a crime on anyone in a (half-decent) DNA database. Why? Because scientists are getting really good at creating DNA (and what have you) from recipes (electronic encoded information).

    Just throw some DNA in the CRISPR, wait a day or two, and you have DNA evidence!

  11. Re:Now I know who to kill for my liver transplant by AHuxley · · Score: 1

    1+ for federal law enforcement needing DNA from kin without going anywhere legal near their suspect.
    Don't want to go into local small-town courts, gov, look at paper records in fly-over country? Mentioning names and looking for records? That town worker might gossip about the DoJ asking for paperwork on well-respected locals.
    Do it digitally and get the DNA needed from one person near the suspect. No need to drive and fly out too many times to get records and risk questions from locals.
    Just one time to get the actual sample from kin without anyone knowing. Keeps the secret of who is being looked at more of a secret, as nobody has done any data requests on that name.

    --
    Domestic spying is now "Benign Information Gathering"
  12. Re:Now I know who to kill for my liver transplant by AHuxley · · Score: 1

    Re "plus the ability to pin a crime on anyone in a (half-decent) DNA database."
    The other issue is that of low- and mid-ranking DoJ doing DNA work and the resulting random US-wide federal database results.
    Say a person did something bad in the 1970s. DNA is fully recovered from a stamp or letter related to the crime in 2017.
    Put the new results of advanced DNA recovery into some federal database and see if anyone related is in the US federal criminal/mil/federal DNA system.
    Get some new names and start searching federal databases. Who was who in the 1970s, and if that interesting person is still alive.

    Suddenly the investigative team is looking at some part of the extended family of a well-respected state/federal judge from the 1950s-70s. That family has now advanced up the US political power structure a generation or two later.
    The crime was never expected to be reopened.
    The investigative team induces FBI database search protections that protected lists of powerful names from being investigated by low-ranking bribed officials.
    Enter the wrong name and the police who went searching get investigated.
    By using the private sector until the actual names are discovered, it's much easier to keep case work from being questioned internally.
    DNA is wonderful for solving decades of working-class crime. A much more powerful family may not like their past being openly investigated.

    --
    Domestic spying is now "Benign Information Gathering"
  13. Re:Don't use ancestry.com by Anonymous Coward · · Score: 1

    Ancestry.com is owned by Permira, a European private equity firm that bought the company several years ago. Due to its location there are obviously many members of the LDS church who work there, just as there would be many Catholics and Baptists working for just about any large corporation located in most parts of Texas. There are also many people of other faiths or no religious affiliation at all that work at the company. And none of this has anything to do with the fact that the original post was just someone being a bigot.

  14. Does Ancestry sell data to health insurers? by Streetlight · · Score: 1

    Perhaps a bit off topic, but the company may make some profit by selling your DNA data to health insurers. Not sure if this is true. One of the provisions of the Affordable Care Act (Obama care) is that insurers can't deny coverage due to a previous condition. Knowledge of a genetic disposition for some condition that might be expensive to treat would be useful to insurers if the ACA goes away as some members of Congress want.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
  15. Re:Your an idiot if by Anonymous Coward · · Score: 1

    Yes, but as stated in the summary, 55,000 of the leaked rootsweb credentials had matching credentials on the ancestry part, and 7000 of those are actively-used current accounts. Probably at least a portion of the 55,000 use or have used the DNA part of ancestry. DNA has been all the rage at genealogy shows and conferences the past few years.

  16. Re:Now I know who to kill for my liver transplant by Anonymous Coward · · Score: 1

    Once DNA tests are mobile enough to be done on-site in a few minutes, there may be very few types of crimes (even minor infractions) that law enforcement won't see fit to use DNA to "solve."