Jump to content


myheritage data breach and RM

  • Please log in to reply
5 replies to this topic

#1 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 2931 posts

Posted 08 June 2018 - 03:02 PM

I have been notified that my myheritage account and hashed password were a part of the myheritage data breach. The actual consequences seem very minor, since the stolen password was hashed and no personal or financial data was breached. Also, I don't keep any genealogical data at myheritage. I only use myheritage for the WebHints. Nevertheless, I did change my myheritage password, just in case. Also, myheritage has introduced two factor sign-in authentication, and I am considering turning it on.


That raises two questions about RM:

  • Is it possible to tell RM about my new myheritage password without doing a CTL-U? I don't think so, but I could be wrong. I really dislike the CTL-U mechanism because it's not selective. It resets all RM options and there is no way to reset just one RM option, such as the saved myheritage password. Hence, I find CTL-U to be very disruptive.
  • If I turn on myheritage's two factor sign-in authentication, will I still be able to to use myheritage's WebHints?




#2 Renee Zamora

Renee Zamora

    Advanced Member

  • Support
  • PipPipPip
  • 7702 posts

Posted 08 June 2018 - 03:23 PM

The MyHeritage WebHint don't require a login in RootsMagic to work. Under Tools>File Options>MyHeritage an email is only needed if you are wanting to filter out your own MyHeritage tree hints. You can simply add a different email address if you needed to. 


That said, the MyHeritage API last I checked was not sending WebHints to RM. It had nothing to do with their data breach. They are currently working on this issue. Which given what happened after the WebHints broke their developers might be pretty busy right now.


#3 Rooty


    Advanced Member

  • Members
  • PipPipPip
  • 60 posts

Posted 09 June 2018 - 02:45 PM

Hackers may not have gotten financial or password information but they now have 92 million email addresses to spam, phish, sell and otherwise harm.Valid email addresses are hard to get and this was a gold mine. The safety of financial information is also suspect when you consider the source of the reasurances--someone who did not realize they were hacked for eons.

#4 cj1260


    New Member

  • Members
  • Pip
  • 4 posts

Posted 11 June 2018 - 04:23 PM

Just an fyi...It appears that MyHeritage  did not specify the hashing algorithm that they used. Some hashes are insecure and easily reversed and thus can provide the actually password to a hacker. MyHeritage initially only asked people to change their password voluntarily but then changed it's stance and began resetting all passwords. This makes me think that their hashes were not very strong. So if you used the same password on MyHeritage and then also on other sites, I would make sure I changed them all.

#5 Don Newcomb

Don Newcomb

    Advanced Member

  • Members
  • PipPipPip
  • 993 posts

Posted 13 June 2018 - 03:42 PM

This is one example that serves to validate my practice of never uploading any information about living people to any web-based service, even if they promise to protect it. 

#6 Vyger


    Advanced Member

  • Members
  • PipPipPip
  • 3053 posts

Posted 13 June 2018 - 05:20 PM

I restrict particular fact types as Private via SQL so as not to upload them to Ancestry etc. A large database can contain a gold mine of information easily parsed when converted to gedcom if someone wished to go to the trouble.


I do hope Rootsmagic take user concerns seriously and facilitated Privatizing Fact Types to protect user data.

"Never, for the sake of peace and quiet, deny your own experience or convictions"

— Dag Hammarskjold


Current user of Rootsmagic version, Family Tree Maker 2014 and Legacy 7.5 on Win 10


Excel to Gedcom conversion - simple getting started tutorials here