Ancestry.com: Difference between revisions

Line 14:

==Consumer impact summary==

=== ~~Problematic~~ Business Practices ===

===Business Practices===

'''Strict cancellation rules:'''

14-day window to avoid cancellation fees ($25–$50).

=== Privacy ~~Failure~~ ===

===Privacy===

'''2-year data breach (2015–2017):'''

Line 41:

===Data Breach (2015)===

RootsWeb, an Ancestry service, suffered a significant data breach: a file containing the access data of 297.8 thousand users has been publicly accessible on their server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on the official website, now unavailable, stating that they temporarely shut down RootsWeb and locked all the compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=[[Ancestry]]}}</ref> Below the full statement:<blockquote>We want to share an important security update with you.

RootsWeb, an Ancestry service, suffered a significant data breach: a file containing the access data of 297.8 thousand users has been publicly accessible on their server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on the official website, now unavailable, stating that they temporarely shut down RootsWeb and locked all the compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=[[Ancestry]]}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.

Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.

Line 48:

In all cases, any user whose account had its associated email/username and password included on the file has had their accounts locked and will need to create a new password the next time they visit.

~~'''What Happened'''~~

Immediately after receiving the file containing the RootsWeb surname list user data, the Ancestry Information Security Team commenced its analysis of the file and its contents, and started a forensic investigation of RootsWeb’s systems to determine the source of the data and identify any potential active exploitation of the RootsWeb system.

As a result of that analysis, we determined that the file was legitimate, although the majority of the information was old. Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally. We are taking the additional step of informing those users as well.

We believe the intrusion was limited to the RootsWeb surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up, an issue we are working to rectify. We have no reason to believe that any Ancestry systems were compromised. Further, we have not seen any activity indicating the compromise of any individual Ancestry accounts.

'''What We’ve Done'''

Line 69:

Line 61:

If you are a customer whose account was impacted, you will receive an email telling you that you need to change your password. In that case, you will be required to create a new password the next time you visit Ancestry.

For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it’s generally good practice to use longer passwords and to change them regularly.

For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it’s generally good practice to use longer passwords and to change them regularly.</blockquote>

~~'''What We’re Doing from Here'''~~

As always, your privacy and the security of the data you share with us are our highest priority. We are continually assessing our policy and procedures and always seeking ways to improve our approach to security. We understand the importance of our role as stewards of your information and work every day to earn your trust.

We are doing a deep analysis of RootsWeb, its design and how we might be able to help the community enhance the site and its services. It is our desire to continue to host these tools for the community with appropriate safeguards in place.

~~Please let us know if you have any questions at Support Center, and thank you for your understanding~~.</blockquote>

== References ==

==References==

[[Category:Blackstone]]

@@ Line 14: / Line 14: @@
 ==Consumer impact summary==
-=== Problematic Business Practices ===
+===Business Practices===
 '''Strict cancellation rules:'''
 -day window to avoid cancellation fees ($25–$50).
-=== Privacy Failure ===
+===Privacy===
 '''2-year data breach (2015–2017):'''
@@ Line 41: / Line 41: @@
 ===Data Breach (2015)===
-RootsWeb, an Ancestry service, suffered a significant data breach: a file containing the access data of 297.8 thousand users has been publicly accessible on their server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on the official website, now unavailable, stating that they temporarely shut down RootsWeb and locked all the compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=[[Ancestry]]}}</ref> Below the full statement:<blockquote>We want to share an important security update with you.
+RootsWeb, an Ancestry service, suffered a significant data breach: a file containing the access data of 297.8 thousand users has been publicly accessible on their server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on the official website, now unavailable, stating that they temporarely shut down RootsWeb and locked all the compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=[[Ancestry]]}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.
 Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.
@@ Line 48: / Line 48: @@
 In all cases, any user whose account had its associated email/username and password included on the file has had their accounts locked and will need to create a new password the next time they visit.
-'''What Happened'''
-Immediately after receiving the file containing the RootsWeb surname list user data, the Ancestry Information Security Team commenced its analysis of the file and its contents, and started a forensic investigation of RootsWeb’s systems to determine the source of the data and identify any potential active exploitation of the RootsWeb system.
-As a result of that analysis, we determined that the file was legitimate, although the majority of the information was old. Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally. We are taking the additional step of informing those users as well.
-We believe the intrusion was limited to the RootsWeb surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up, an issue we are working to rectify. We have no reason to believe that any Ancestry systems were compromised. Further, we have not seen any activity indicating the compromise of any individual Ancestry accounts.
 '''What We’ve Done'''
@@ Line 69: / Line 61: @@
 If you are a customer whose account was impacted, you will receive an email telling you that you need to change your password. In that case, you will be required to create a new password the next time you visit Ancestry.
-For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it’s generally good practice to use longer passwords and to change them regularly.
+For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it’s generally good practice to use longer passwords and to change them regularly.</blockquote>
-'''What We’re Doing from Here'''
-As always, your privacy and the security of the data you share with us are our highest priority. We are continually assessing our policy and procedures and always seeking ways to improve our approach to security. We understand the importance of our role as stewards of your information and work every day to earn your trust.
-We are doing a deep analysis of RootsWeb, its design and how we might be able to help the community enhance the site and its services. It is our desire to continue to host these tools for the community with appropriate safeguards in place.
-Please let us know if you have any questions at Support Center, and thank you for your understanding.</blockquote>
-== References ==
+==References==
 <references />
 [[Category:Blackstone]]