RootsWeb.com File Exposes 300,000 Login Credentials

rootsweb-data-file-credentials-leak

RootsWeb.com, a free genealogical community site and subsidiary server of Ancestry, announced over the weekend that a file containing emails and login credentials of 300,00 users had been exposed. An outside researcher discovered the leak and alerted the company on December 20.  

According to a blog post by Ancestry, the emails and passwords within the file were affiliated with a retired surname list service, and only 55,000 used the same credentials for Ancestry and RootsWeb.com. At least 7,000 of the exposed login credentials were of active Ancestry users. While RootsWeb.com is a free service, Ancestry does charge for some services.

Ancestry stated that RootsWeb.com does not contain credit card or valuable personal information and that they do not believe that any other Ancestry server or website has been breached. They are currently working with law enforcement to uncover the source of the leak, and are reaching out to all affected customers. Customers whose login credentials were compromised will need to create new ones to use their accounts.

As of time of writing, RootsWeb.com is unavailable due to infrastructure upgrades. “As RootsWeb is a free and open community that has been largely built by its users, we may not be able to salvage everything as we work to resolve this issue and enhance the RootsWeb infrastructure” Ancestry stated in their post. 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner