Originally published at: https://boingboing.net/2018/06/05/my-heritage-leaks.html
…
5 Likes
Why do we even have security on a website, like really WTF does it even matter anymore???
4 Likes
well this is useful today
2 Likes
I noticed that while they took great care in describing how they process passwords they also didn’t mention salting them. This would effectively be like storing the actual password as it’d be a trivial matter for a rainbow table.
2 Likes
Exactly why you might want to download the raw data from the sequence they run on you, and have them destroy the original. Unfortunately, there are no companies out there that will do this, unless you’re affiliated with an institution and have approval from their IRB. None of the flaks from the companies I contacted asking about this would tell me why, but I suspect it has something to do with meddling bioethics busybodies.
Rainbow tables were useful back when the disk cpu trade-off favored disk storage being cheap. GPUs have made rainbow tables obsolete for going on a couple of decades now.
…nope.
Ah. An informative and insightful development. Thank you.
3 Likes
I’ve assumed, ever since I first heard of them, that basically all data collected by any of these heritage/family tree site would be shared with whatever gov’t agency asked for it, if not simply sent directly to the NSA or something. So I can’t say that the hacking makes me think any worse of them.
will dna picture puzzles be the future then
like photoshopping has been
1 Like
I guess “Mother’s maiden name” isn’t a very good security question then?
1 Like
I was basically thinking this exact thing when I came to the comments. Specifically, I think it’s best to assume going forward that whatever sites we use will at some point be hacked.
So do the best you can to protect your information, since they can’t seem to be bothered.
I try to make sure I never use the same password twice (only recently started this, and really need to take a day and go through everything and make sure this is set up correctly everywhere I’ve been), and I make up BS answers to a site’s verification questions and store the answers locally (I use 1Password, but not the cloud version) and never duplicate those answers either.
2 Likes
I would be completely not surprised to find it was employees that did this.
And mildly not surprised to learn they went to work there with the express purpose of stealing the info
I know three people that have had their passwords compromised. In three out of three cases it was this sort of theft.
In each case it would have made no difference if their password was
“passw0rd”
or if it was
“bXuZk_/8Qazt37}#ryTIZh1.l)5U]9"oB-oZ+?Q(6>}n-[52MbS3bCVKh!!vj:0)c5)Gg\RNs^>8Ogyf?4L!&`X0f<”.
This topic was automatically closed after 5 days. New replies are no longer allowed.
