Sussex County Genealogical Society - Rehoboth Beach, Delaware
Don't Forget to Like Us on Facebook
SCGS is a member of the Friends of the Delaware Archives
SCGS is a member of the Federation of Genealogical Societies
SCGS is an official Society in the 1940 Census Indexing Project
SCGS is a 501c3 Non-Profit Organization
The best part about genealogy
is searching for ancestors
and finding friends.
                                                                   Lawrence Dillard
Come to a place where we do both!



THE LEGAL GENEALOGIST:  Cybersecurity wakeup call
Judy G. Russell,
Change that password!
Ninety two million genealogists got another wake-up call yesterday about computer security with a big dollop of bad news eased by a bit of not so bad news.
That’s how many of us — The Legal Genealogist included — were among the subscribers whose names, emails and hashed passwords (more on what that means in a second) were found to have been hacked from the MyHeritage computers.
The announcement of the breach came from MyHeritage on its blog,1 and it has posted more information since then.2
Bottom line: a security researcher contacted MyHeritage and told the company he’d found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage. The company’s review showed it really was from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.
That’s the bad news.
The not so bad news is that the passwords in the file were hashed. This is a form of data encryption “designed to act as a ‘one-way function’: A mathematical operation that’s easy to perform, but very difficult to reverse. Like other forms of encryption, it turns readable data into a scrambled cipher. But instead of allowing someone to decrypt that data with a specific key, as typical encryption functions do, hashes aren’t designed to be decrypted.”3
So far, there’s no indication that the hashing has been cracked at all, no indication that anything other than names and email addresses were in plain text, no financial or other data associated with the accounts included in the hacked data:
We believe the intrusion is limited to the user email addresses. We have no reason to believe that any other MyHeritage systems were compromised. As an example, credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised.4
So… what does that mean for us today?
It means we need to change our MyHeritage passwords. In fact, MyHeritage is expiring everybody’s password, meaning if you don’t change it — even if you signed up after October 2017 and aren’t affected by this — one day very soon the system will make you change it when you try to log in.
 
You can read more about this on the MyHeritage Blog, with the initial report here and the update with more information here.
And what else does this mean for us today?
We need to be conscious of security risks all the time online.
So… if you’re still using the same password on every site, stop it.
If you’re still using your mother’s maiden name as your password, stop it.
If you’re still using a short, easy-to-remember combination like your first name and the last four digits of your Social Security number, stop it.
Passwords need to be unique, strong (that means a combination of upper and lower case letters, numbers and characters like the exclamation point or asterisk) and frequently changed.
Got that?
Now go change your password.
 
SOURCES
1.“MyHeritage Statement About a Cybersecurity Incident,” MyHeritage Blog, posted 4 June 2018 (https://blog.myheritage.com/ : accessed 6 June 2018).
2.Ibid., “Cybersecurity Incident: June 5-6 Update,” posted 6 June 2018.
3.Andy Greenberg, “Hacker Lexicon: What Is Password Hashing?,” Wired, posted 8 June 2016 (https://www.wired.com/ : accessed 6 June 2018).
4.“Cybersecurity Incident: June 5-6 Update,” MyHeritage Blog, posted 6 June 2018.
©2018 The Legal Genealogist | Central New Jersey, USA



Sussex County Genealogical Society

Wants to Know .. What YOU
 
Would like to see and hear about at our Genie Bytes and Monthly Meetings.
 
We have several great speakers lined up for our meetings and are looking for suggestions.
 
Genie Bytes looks to enhance your search capabilities and discuss not only technical issues but aid in your research.
 
Let us know .. OK?   Send your suggestions to Webmaster@SCGSDelaware.org!
 



Featured
Tip of the Day by Michael John Neill
Want Great tips on Genealogy Research?

July 21
Monthly Meeting
Genealogy for Beginners - Part II Finding Vital Records Finding Census Records Analyze and Follow Your Clues
August 2
Discovering Your Roots - Part 4
Come join Us - Watch and Listen to: "Discovering Your Roots: An Introduction to Genealogy" Chapter 10 - Your Ancestors in State Records Chapter 11 - How to Write a Biography Chapter 12 - The Dos and Dont's of Writing ...
August 15
Roots Magic Software Support Group
During this session we will cover: "Web Tags - Online Links"  "Putting Your Family on Paper" "Pedigree Charts" "Family Group Sheets".
September 6
Discovering Your Roots - Part 5
Come join Us - Watch and Listen to: "Discovering Your Roots: An Introduction to Genealogy" Chapter 13 - Searching in Your Ancestors' Backyard Chapter 14 - Assembling an Account of Your Discoveries Chapter 15 - Extending Your Family Tree Overseas
October 22
DNA Testing & Genetic Genealogy
We will be using the Family Tree Guide to DNA Testing and Genetic Genealogy by Blaine T. Bettinger and will cover 2-3 chapters each week. It's available from Amazon, Kindle and from FamilyTreeMagazine.com.    This session covers Part 1, ...