RootsWeb.com, a free genealogical community site and subsidiary server of Ancestry, announced over the weekend that a file containing emails and login credentials of 300,00 users had been exposed. An outside researcher discovered the leak and alerted the company on December 20.
According to a blog post by Ancestry, the emails and passwords within the file were affiliated with a retired surname list service, and only 55,000 used the same credentials for Ancestry and RootsWeb.com. At least 7,000 of the exposed login credentials were of active Ancestry users. While RootsWeb.com is a free service, Ancestry does charge for some services.
Ancestry stated that RootsWeb.com does not contain credit card or valuable personal information and that they do not believe that any other Ancestry server or website has been breached. They are currently working with law enforcement to uncover the source of the leak, and are reaching out to all affected customers. Customers whose login credentials were compromised will need to create new ones to use their accounts.
As of time of writing, RootsWeb.com is unavailable due to infrastructure upgrades. “As RootsWeb is a free and open community that has been largely built by its users, we may not be able to salvage everything as we work to resolve this issue and enhance the RootsWeb infrastructure” Ancestry stated in their post.
Latest posts by Ben Canner (see all)
- Business Identity Management Advice For After the Coronavirus - March 30, 2020
- How Identity Governance Works for Enterprises: A Quick Primer - March 27, 2020
- The Coronavirus Identity Management Survival Guide for Businesses - March 25, 2020