Millions of DNA Are Potentially at The Mercy of Hackers

in #writing, 6 years ago

The emails and password fingerprints of MyHeritage DNA users were found on a "private server". The DNA test company advises its customers to change their passwords immediately.


DNA tests devoted to genealogical research are very fashionable. Unfortunately, the security of users' data is not necessarily equal to the stakes. One of the companies in the industry, MyHeritage DNA, has just revealed a huge data leak. The identifiers of 92 million users were found somewhere "on a private server" by a security researcher, who alerted the company.

This data leak occurred on October 26, 2017, but the details of the incident are not yet known. The company insists that the DNA data and the banking data are not affected. Only identifiers were stolen: emails and passwords. The company explains that the data was hashed, that is, transformed into cryptographic fingerprints from which it is theoretically impossible to recover the original passwords.


Password security is not assured

But doubt persists about the strength of these fingerprints. MyHeritage does not specify which technique was used to hash the passwords. The company only explains that "the hash key is different for each user". This suggests the use of a "cryptographic salt", a technique that involves adding random characters to each password before calculating the fingerprint. This slows down brute-force attacks, because identical passwords no longer produce identical fingerprints and each one has to be attacked separately, but it's not always enough. The security of the fingerprint also depends on the algorithm used. Unfortunately, this information was not provided by MyHeritage. Users have every interest in changing their passwords as quickly as possible.
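To make the point about salt versus algorithm concrete, here is an added Python example (not MyHeritage's code; the company did not disclose its algorithm). It stores the same password under a per-user salt with a fast hash and with a deliberately slow one, then measures what one guess costs in each case. The function names, the 16-byte salt and the iteration count are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def fast_salted_hash(password: str, salt: bytes) -> bytes:
    """Salted but fast: a single SHA-256 call per guess."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_salted_hash(password: str, salt: bytes) -> bytes:
    """Salted and deliberately slow: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def new_record(password: str, hasher) -> tuple[bytes, bytes]:
    """Create a (salt, fingerprint) record with a fresh random salt per user."""
    salt = os.urandom(16)
    return salt, hasher(password, salt)


def verify(password: str, record: tuple[bytes, bytes], hasher) -> bool:
    """Recompute the fingerprint with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(hasher(password, salt), stored)


def seconds_per_guess(hasher, rounds: int) -> float:
    """Average time to compute one fingerprint, i.e. the cost of a single guess."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hasher(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample: two users who happened to choose the same password.
    alice = new_record("correct horse", slow_salted_hash)
    bob = new_record("correct horse", slow_salted_hash)
    print("same password, same fingerprint?", alice[1] == bob[1])
    print("login check passes:", verify("correct horse", alice, slow_salted_hash))
    fast = seconds_per_guess(fast_salted_hash, 20_000)
    slow = seconds_per_guess(slow_salted_hash, 3)
    print(f"fast: {fast:.2e} s/guess  slow: {slow:.2e} s/guess  ratio: {slow / fast:,.0f}x")
```

The salt makes the two users' fingerprints differ in both schemes; only the choice of algorithm changes how expensive each individual guess is.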

To reassure its users, MyHeritage specifies that a two-factor authentication option will be available soon. This is welcome, because it strengthens the authentication process and limits the risk when passwords are lost. However, it does not protect the company against the hacking of its DNA databases. In its press release, the company points out that these are stored "on separate systems" benefiting from "additional layers of security". Let's hope this is true.

DNA tests have recently caused a lot of ink to flow after the resolution of a murder case in the United States. To identify the killer, the police reportedly relied on an open source DNA database called GEDmatch.

