MyHeritage Data Breach

If you are a MyHeritage customer, change your password. Now. Here’s how.

This is late breaking news.

If you were a MyHeritage user before October 27, 2017, your e-mail was included in a data breach at MyHeritage. MyHeritage was informed of this breach less than 6 hours ago.

MyHeritage is doing the right thing by making the breach public immediately. It appears that no financial or DNA information was involved, but the investigation is just beginning.

Read the MyHeritage blog article here.

TechCrunch reports here.

Change your password now.



I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

30 thoughts on “MyHeritage Data Breach

  1. They probably outsourced security on the cheap. How many of these things need to happen before the CEO’s think more about their company’s reputations, and less about this year’s bonus?

    Also, I have not been able to get WebHints for RootsMagic, RM tells me that they’re not getting anything sent to them from MyHeritage, and that’s been going on for over a week. It rings true, because I still get WebHints from FindMyPast, even though they’re nearly useless most of the time. I wonder if this has anything to do with it?

    MyHeritage looked like they were getting their act together, when this becomes public knowledge, they can kiss their DNA product goodbye.

  2. Yes, Thank You Roberta for keeping up with all of this for us.

    It’s an appropriate time to mention that it’s now trivial for me to frequently change passwords to as secure as sites will allow because I use KeePass. If you store your encrypted KeePass database on one of the cloud sites (I do) the db can be updated instantly from any device you’re using at the time as well as being available to any of your devices.
    (I have financial no interest in KeePass, and it’s free, open source, and implementations exist for most OS’s. I just LOVE it, is all!)

  3. I tried to delet all my information from MyHeritage after they billed me for over $200 upgrades I didn’t order. They told me I needed a special password they had sent me in an email when I first signed up. I had to hold for an hour to finally get to talk to someone about the charges they made to my card. They did not want to refund it but they did. First they said only half but I told them all and I meant it. I still have a tree there even though I deleted my account but I still get “smart matches” from them by email.

    • Yeah …. same thing happened to me a couple of years back. I agreed to the extra year at 50% discount …$72.00. They had to explain it in Kindergarten language to me and discovered they automatically bill everyone for the next year, unless you have cancelled it. So a month after accepting it at $72.00 I cancelled and I was able to continue until the end of that year, when they then asked me to join them again. Just never quite made it back as like you I get these smart matches ….. usually they appear to be what I put in and the other person is the one who benefited from it. Of course mostly one can not contact them unless one joins up again eh ….NOT!

  4. Password changed. Based on the level of exposure indicated in the TechCrunch article you linked, it may be that persons who do not maintain an adequate password policy might be better off learning that their approach is inadequate, and a couple of reasonable ways to address that inadequacy, rather than (better, in addition to) spending time changing this single MyHeritage password. A primer for online genetic genealogists on sensible password strategies, at about the level of your treatment of Facebook privacy policy, would do the community a lot of good. Thank you for your leadership here.

  5. Once again, Roberta, I can count on you for the quickest and most accurate information concerning Genealogy on all levels. Thanks for the heads up! Already changed my password and shared the information on my FB page!

  6. Roberta, you’re absolutely amazing. I got this from you before receiving anything from anyone else. My MyHeritage account is linked to my account. Both have my email address but who do I get a notice from first? Hmmm How is it you’re on top of things and the vendor isn’t? Just shows who we can trust the most to furnish us time sensitive information like this. I’m so glad your blog posts come directly to my email inbox. Once again, thank you for taking such good care of us.

  7. Thanks Roberta! I am changing all my passwords and going old school, writing them down in a note book with some form of encryption in case the notebook gets stolen.

  8. Roberta, I’m sorry that I didn’t see this posting about MyHeritage on June 5th, until today!.
    Like many others, I responded to MyHeritage in 2016 and uploaded my raw Ancestry DNA file and a GEDCOM of my Ancestry family tree. I didn’t see many results at first, but I replied to some MyHeritage instant matches them for awhile to help them build their database.
    After reading you blogs during 2018 RootsTech, I decided to take a closer look at MyHeritage and was happy to find a couple of new close DNA matches and use their new chromosome browser results to plug into my new profile in my site. I was so impressed, that I’ve been telling some of my cousins to take a look at MyHeritage.
    Then yesterday, when I tried to log into MyHeritage, I got a message that my password had been cancelled and to create a new password. I hate creating new passwords, so I closed the page and tried to reopen and log in again and after several tries, I followed their procedure and gave them my email address and waited for a reply from them. I never received the reply that they
    promised and tried again several times.
    Then I tried calling them and was told I must enter an account number and was ut off at every turn.
    I then sent an email to their customer support and got no response. Today I sent them a message through their Support page and still haven’t received a reply.

    I have been working in family history for more than 30 years and in genetic genealogy since sending in my 1st sample to Ancestry DNA in 2012. I have also been an LDS family history consultant for 18 years and am entitled to free FamilySearch Partner accounts with FTDNA, findmyPast and MyHeritage
    After this experience, I looked back and read that you had seen some other people have some similar problems with MyHeritage back in 2017.
    None of the other companies has ever treated me like this before, but I know that you are aware that this type of treatment will not be taken well in either the family history, or genetic genealogy communities and MyHeritage needs to be warned that when word gets out about a company not responding to legitimate problems, it will hurt their bottom line!

  9. I hope you are right Roberta, but why can’t their system just automatically respond by mailing the necessary information or code to change my password. I am unable to log in to change my password, because my password was cancelled overnight without any warning. Every other site that I’ve used has that simple automatic reply. This is looking to me just like the old promise and renege problem that you wrote about in 2017.

Leave a Reply