Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed on November 2015. The data resided on RootsWeb’s infrastructure, and is not to Ancestry.com’s and services. Ancestry.com said RootsWeb has “millions” of members who the site to share family , post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn’t host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. “Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers,” Blackham wrote.


Share on Google+

Read more of this story at Slashdot.

Related posts: