Part of RootsWeb to go offline
The folks at Ancestry have taken the proactive security step of closing part of the RootsWeb service today after being notified of a security breach affecting one part of that service.
The security issue came from a part of RootsWeb that was closed some months ago. It turns out that, before it was closed, a security breach occurred — nobody knows exactly how — that resulted in the disclosure of about 300,000 username-password combinations from RootsWeb.
Of those, some 55,000 username-password combinations were the same as or similar to those of people who have also been Ancestry subscribers and/or purchasers of DNA kits. And of those, some 7,000 username-password combinations are still in active use at either Ancestry or AncestryDNA.
All of the active users will be notified by email and all will be required to set a new password the next time they log in to Ancestry.
Eric Heath, chief privacy officer at Ancestry, said that a thorough security check has not shown any evidence whatsoever of active exploitation of the data. No unusual activity at Ancestry and no breach of DNA data has been detected at all. Nobody can log in to RootsWeb and get access to Ancestry or AncestryDNA.
However, out of an abundance of caution, all parts of RootsWeb that might be impacted will be shuttered temporarily until a full security review can be completed and the service resumed with full confidence in the security of the domain.
The one part of RootsWeb that won’t be affected is the email lists. But folks with private or public family sites and the like will not be able to access them during the shutdown.
Heath wasn’t able to give an estimate on how long it might take to get all of RootsWeb back up and running, noting that the two priorities will be protecting the privacy of users and avoiding data loss on RootsWeb during the shutdown. Those tasks, particularly over the holiday period, may take longer than anyone wants but won’t be shorted just to get the service back online.
“Our first interest is the protection of our users,” Heath said. “That comes before anything else.”
If your log-in info was affected, you will get an email from Ancestry at the email address associated with your Ancestry or AncestryDNA account. If your email isn’t up to date, you may find out about this when you try to log in and are told you must reset your password.
And for more information, there’s a blog post at Ancestry.
Merry Christmas from the hackers…