Jump to content


Photo

myheritage data breach and RM


  • Please log in to reply
7 replies to this topic

#1 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 3088 posts

Posted 08 June 2018 - 03:02 PM

I have been notified that my myheritage account and hashed password were a part of the myheritage data breach. The actual consequences seem very minor, since the stolen password was hashed and no personal or financial data was breached. Also, I don't keep any genealogical data at myheritage. I only use myheritage for the WebHints. Nevertheless, I did change my myheritage password, just in case. Also, myheritage has introduced two factor sign-in authentication, and I am considering turning it on.

 

That raises two questions about RM:

  • Is it possible to tell RM about my new myheritage password without doing a CTL-U? I don't think so, but I could be wrong. I really dislike the CTL-U mechanism because it's not selective. It resets all RM options and there is no way to reset just one RM option, such as the saved myheritage password. Hence, I find CTL-U to be very disruptive.
  • If I turn on myheritage's two factor sign-in authentication, will I still be able to to use myheritage's WebHints?

 

Jerry

 



#2 Renee Zamora

Renee Zamora

    Advanced Member

  • Support
  • PipPipPip
  • 7956 posts

Posted 08 June 2018 - 03:23 PM

The MyHeritage WebHint don't require a login in RootsMagic to work. Under Tools>File Options>MyHeritage an email is only needed if you are wanting to filter out your own MyHeritage tree hints. You can simply add a different email address if you needed to. 

 

That said, the MyHeritage API last I checked was not sending WebHints to RM. It had nothing to do with their data breach. They are currently working on this issue. Which given what happened after the WebHints broke their developers might be pretty busy right now.


Renee
RootsMagic

#3 Rooty

Rooty

    Advanced Member

  • Members
  • PipPipPip
  • 80 posts

Posted 09 June 2018 - 02:45 PM

Hackers may not have gotten financial or password information but they now have 92 million email addresses to spam, phish, sell and otherwise harm.Valid email addresses are hard to get and this was a gold mine. The safety of financial information is also suspect when you consider the source of the reasurances--someone who did not realize they were hacked for eons.



#4 cj1260

cj1260

    Member

  • Members
  • PipPip
  • 13 posts

Posted 11 June 2018 - 04:23 PM

Just an fyi...It appears that MyHeritage  did not specify the hashing algorithm that they used. Some hashes are insecure and easily reversed and thus can provide the actually password to a hacker. MyHeritage initially only asked people to change their password voluntarily but then changed it's stance and began resetting all passwords. This makes me think that their hashes were not very strong. So if you used the same password on MyHeritage and then also on other sites, I would make sure I changed them all.



#5 Don Newcomb

Don Newcomb

    Advanced Member

  • Members
  • PipPipPip
  • 1008 posts

Posted 13 June 2018 - 03:42 PM

This is one example that serves to validate my practice of never uploading any information about living people to any web-based service, even if they promise to protect it. 



#6 Vyger

Vyger

    Advanced Member

  • Members
  • PipPipPip
  • 3202 posts

Posted 13 June 2018 - 05:20 PM

I restrict particular fact types as Private via SQL so as not to upload them to Ancestry etc. A large database can contain a gold mine of information easily parsed when converted to gedcom if someone wished to go to the trouble.

 

I do hope Rootsmagic take user concerns seriously and facilitated Privatizing Fact Types to protect user data.


Strength and growth come only through continuous effort and struggle. ...

 

 

Current user of Rootsmagic version 7.5.7.0, Family Tree Maker 2014 and Legacy 7.5 on Win 10

 

Excel to Gedcom conversion - simple getting started tutorials here

 

Root


#7 BradleyinDC

BradleyinDC

    Advanced Member

  • Members
  • PipPipPip
  • 65 posts

Posted 23 June 2018 - 05:11 PM

This is one example that serves to validate my practice of never uploading any information about living people to any web-based service, even if they promise to protect it. 

 

Yes!



#8 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 3088 posts

Posted 23 June 2018 - 07:42 PM

The MyHeritage WebHint don't require a login in RootsMagic to work. Under Tools>File Options>MyHeritage an email is only needed if you are wanting to filter out your own MyHeritage tree hints. You can simply add a different email address if you needed to. 

 

I had meant to follow up with a short note after RM 7.5.7 fixed the MyHeritage WebHints problem. I was reluctant to post without being able to test. I forgot to follow up at the time and so I'm following up now.

 

I couldn't remember if RM logs on to MyHeritage for you or not. It doesn't (Renee is always right about such things!), so there was no MyHeritage password to change in RM and no CTL-U to have to go through in RM. It is therefore correct that MyHeritage WebHints don't require a login in RM to work. But they do require a login to MyHeritage to work. So after MyHeritage WebHints were working again, I just changed my MyHeritage password at the MyHeritage site as required by the breach, logged in to MyHeritage, and all was well. It was really a non-event from the RM side of the house.

 

Jerry