Ancestry released a security update regarding a breach of username and password combinations for some of its users. The combinations were related to users of RootsWeb’s surname list information, a service retired earlier this year, hosted on a server. The file contained 300,000 email/username and password combinations; however, only approximately 55,000 of those were used for active Ancestry sites, many of which are from free trial or unused accounts. Ancestry’s investigation revealed about 7,000 of the email/username and password combinations matched credentials for active Ancestry customers. During the investigation, their team found additional usernames unrelated to this breach. Ancestry will notify all users whose information was exposed via the server. The accounts of the 55,000 active users of Ancestry sites will be locked and require users to establish new passwords when they attempt to log in. Ancestry has also taken the server offline, temporarily. The NJCCIC recommends users of Ancestry sites update their account passwords immediately, as well as login credentials to any accounts that share the same password, and enable multi-factor authentication where available.

Data BreachNJCCICAncestry