RootsWeb, a free community-driven collection of tools used to host and share genealogical information, is the latest online site to fall victim to a data leak. Ancestry, who has been hosting RootsWeb for the community since 2000, delivered news of the leak via its blog.

The exposure of the data was brought to Ancestry’s attention by Troy Hunt. Hunt indicated the data contained plaintext passwords, and Ancestry told Threatpost it believed the data was exposed in November 2015.

Details on the Leaked Data

A blog post by Tony Blackham, Chief Information Security Officer at Ancestry, provided the following information:

  • On December 20, Ancestry was alerted regarding the file that contained email addresses/username and password combinations as well as user names from a server.
  • Ancestry began a forensic investigation of RootsWeb’s systems to determine the source of the data and identify any potential active exploitation of the system. They confirmed that the file contains information related to users of Rootsweb’s surname list information, a service Ancestry retired earlier this year.
  • Ancestry believes the intrusion was limited to the surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up.
  • RootsWeb does not host sensitive information like credit card numbers or social security numbers.
  • Ancestry is in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.
  • Ancestry discovered that approximately 55,000 customers used the same credentials at RootsWeb’s surname list and Ancestry. Ancestry locked these Ancestry accounts and is requiring that these customers create a new password the next time they visit.
  • Ancestry has temporarily taken RootsWeb offline, and is working to save and preserve data.  They did note that they may not be able to salvage everything.

Comprehensive Response, but Disgruntled Users

Ancestry provided a quick and very detailed response on their blog, with information on what happened, what Ancestry has done in response, what customers should do, and a summary of Ancestry’s ongoing activities.

In addition, they took steps to require a password reset by customers who used the same credentials at both RootsWeb and Ancestry.

Unfortunately, the due diligence required as a result of the leak has impacted users of the site. The RootsWeb site displays a message indicating it is down and notes that Ancestry hopes to have an update “within a few weeks”. The blog post by Ancestry’s CISO currently has over 200 comments posted in response, with most urging for the preservation of data and a quick return of the RootsWeb site. Click below to learn more about Teramind.

Insider Threat Detection