Ancestry.com: Difference between revisions

(9 intermediate revisions by 6 users not shown)

Line 1:

{{incomplete|Issue 1=This need work to fit the [[Template:CompanyPreload|company article format]]|Issue 2= The section regarding the data leak is empty}}

{{ProductCargo

{{~~InfoboxProductLine~~

|ArticleType=Service

| ~~Title~~ = ~~Ancestry.com~~

|Category=Genealogy

| ~~Release Year~~ = ~~1996~~

|Company=Blackstone

| ~~Product Type~~ = ~~Genealogy~~

|Description=

| ~~In Production~~ = Yes

|InProduction=Yes

| ~~Official~~ Website = https://ancestry.com/

|Logo=Ancestry.svg

~~| Logo = Ancestry.svg~~

|ProductLine=

|ReleaseYear=1996

|Website=https://ancestry.com/

}}

[[wikipedia:Ancestry.com|'''Ancestry.com''']], owned by [[wikipedia:Blackstone_Inc.|The Blackstone Group]], is a genealogy company based in the US, known for its DNA testing and family trees.<ref>{{Cite web |date=27 Jan 2026 |title=Our Story |url=https://www.ancestry.com/corporate/about-ancestry/our-story |url-status=live |access-date=27 Jan 2026 |website=Ancestry Corporate |archive-url=http://web.archive.org/web/20260107172747/https://www.ancestry.com/corporate/about-ancestry/our-story |archive-date=7 Jan 2026}}</ref>

[[wikipedia:Ancestry.com|'''Ancestry.com''']], owned by [[wikipedia:Blackstone_Inc.|The Blackstone Group]], is a genealogy company based in the US, known for its DNA testing and family trees.

==Consumer impact summary==

===~~Business Practices~~===

====Strict cancellation and renewal policy====

~~'''Strict cancellation rules:'''~~

Their business model centers around subscription plans which have the following restrictions.

~~14-day window to avoid~~ cancellation fees ($~~25–~~$50).

*Predefined cancellation fees (e.g., up to $25, $50, or the remaining balance).<ref name=":1" />

*Consumers need to cancel at least two days before the renewal date or trial expiration.<ref name=":1" />

*Limited to narrow, front-loaded refund windows.{{Clarify|how}}

*Only long-term commitments, such as 6-month and 12-month plans.{{Citation needed|date=27 Jan 2026}}

===Privacy===

~~'''2-year~~ data ~~breach (2015–2017):'''~~

Their Privacy Policies regarding consumer data are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives.{{Citation needed|date=27 Jan 2026}}

~~Credentials leaked via RootsWeb; some of them reused on~~ Ancestry. ~~Exposed~~ data ~~remained public for years~~.

====Data breach====

Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed.<ref name=":0" /><!-- More section suggestions:

Third-party sharing and consent complex and unclear

Potential future business acquisitions

Opt-in versus opt-out ambiguity

Long-term data retention post deletion

Potential use on consumer data in genetic research -->

==Anti-consumer practices==

===Cancellation policy===

Ancestry.com may charge a cancellation fee for "Subscriptions Longer than a Month, Billed Monthly" if users do not cancel within the first 14 days.<ref>{{cite web |date=2 Dec 2025 |title=Ancestry Renewal and Cancellation Terms |url=https://www.ancestry.com/c/legal/renewal-cancellation-terms |url-status=live |archive-url=https://web.archive.org/web/20251011193700/https://www.ancestry.com/c/legal/renewal-cancellation-terms |archive-date=11 Oct 2025 |access-date=2025-02-05 |website=Ancestry}}</ref><ref>{{Cite web |date=26 Jun 2023 |title=Cancelation fee ? |url=https://www.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |url-status=live |access-date=9 Aug 2025 |website=Reddit |via=[[Reddit]]}}</ref>

Ancestry.com may charge a cancellation fee for "Subscriptions Longer than a Month, Billed Monthly" if users do not cancel within the first 14 days.<ref name=":1">{{cite web |date=2 Dec 2025 |title=Ancestry Renewal and Cancellation Terms |url=https://www.ancestry.com/c/legal/renewal-cancellation-terms |url-status=live |archive-url=https://web.archive.org/web/20251011193700/https://www.ancestry.com/c/legal/renewal-cancellation-terms |archive-date=11 Oct 2025 |access-date=2025-02-05 |website=Ancestry}}</ref><ref>{{Cite web |date=26 Jun 2023 |title=Cancelation fee ? |url=https://www.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |url-status=live |archive-url=http://web.archive.org/web/20230626191850/https://old.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |archive-date=26 Jun 2023|access-date=9 Aug 2025 |website=Reddit |via=[[Reddit]]}}</ref>

Line 41:

Line 51:

===Data Breach (2015)===

RootsWeb, an Ancestry service, suffered a significant data breach~~: a~~ file containing the access data of 297.8 thousand users ~~has been~~ publicly accessible on ~~their~~ server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on ~~the~~ official website, now unavailable, stating that ~~they temporarely~~ shut down RootsWeb and locked all ~~the~~ compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.

RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://web.archive.org/web/20260222204053/https://www.twingate.com/blog/tips/ancestry-data-breach |archive-date=22 Feb 2026|access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.

Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.

@@ Line 1: / Line 1: @@
 {{incomplete|Issue 1=This need work to fit the [[Template:CompanyPreload|company article format]]|Issue 2= The section regarding the data leak is empty}}
+{{ProductCargo
-{{InfoboxProductLine
+|ArticleType=Service
-| Title = Ancestry.com
+|Category=Genealogy
-| Release Year = 1996
+|Company=Blackstone
-| Product Type = Genealogy
+|Description=
-| In Production = Yes
+|InProduction=Yes
-| Official Website = https://ancestry.com/
+|Logo=Ancestry.svg
-| Logo = Ancestry.svg
+|ProductLine=
+|ReleaseYear=1996
+|Website=https://ancestry.com/
 }}
+[[wikipedia:Ancestry.com|'''Ancestry.com''']], owned by [[wikipedia:Blackstone_Inc.|The Blackstone Group]], is a genealogy company based in the US, known for its DNA testing and family trees.<ref>{{Cite web |date=27 Jan 2026 |title=Our Story |url=https://www.ancestry.com/corporate/about-ancestry/our-story |url-status=live |access-date=27 Jan 2026 |website=Ancestry Corporate |archive-url=http://web.archive.org/web/20260107172747/https://www.ancestry.com/corporate/about-ancestry/our-story |archive-date=7 Jan 2026}}</ref>
-[[wikipedia:Ancestry.com|'''Ancestry.com''']], owned by [[wikipedia:Blackstone_Inc.|The Blackstone Group]], is a genealogy company based in the US, known for its DNA testing and family trees.
 ==Consumer impact summary==
-===Business Practices===
+====Strict cancellation and renewal policy====
-'''Strict cancellation rules:'''
+Their business model centers around subscription plans which have the following restrictions.
--day window to avoid cancellation fees ($25–$50).
+*Predefined cancellation fees (e.g., up to $25, $50, or the remaining balance).<ref name=":1" />
+*Consumers need to cancel at least two days before the renewal date or trial expiration.<ref name=":1" />
+*Limited to narrow, front-loaded refund windows.{{Clarify|how}}<!-- I removed "No refund" point because this point contradicts that -->
+*Only long-term commitments, such as 6-month and 12-month plans.{{Citation needed|date=27 Jan 2026}}
 ===Privacy===
-'''2-year data breach (2015–2017):'''
+Their Privacy Policies regarding consumer data are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives.{{Citation needed|date=27 Jan 2026}}
-Credentials leaked via RootsWeb; some of them reused on Ancestry. Exposed data remained public for years.
+====Data breach====
+Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed.<ref name=":0" /><!-- More section suggestions:
+Third-party sharing and consent complex and unclear
+Potential future business acquisitions
+Opt-in versus opt-out ambiguity
+Long-term data retention post deletion
+Potential use on consumer data in genetic research -->
 ==Anti-consumer practices==
 ===Cancellation policy===
-Ancestry.com may charge a cancellation fee for "Subscriptions Longer than a Month, Billed Monthly" if users do not cancel within the first 14 days.<ref>{{cite web |date=2 Dec 2025 |title=Ancestry Renewal and Cancellation Terms |url=https://www.ancestry.com/c/legal/renewal-cancellation-terms |url-status=live |archive-url=https://web.archive.org/web/20251011193700/https://www.ancestry.com/c/legal/renewal-cancellation-terms |archive-date=11 Oct 2025 |access-date=2025-02-05 |website=Ancestry}}</ref><ref>{{Cite web |date=26 Jun 2023 |title=Cancelation fee ? |url=https://www.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |url-status=live |access-date=9 Aug 2025 |website=Reddit |via=[[Reddit]]}}</ref>
+Ancestry.com may charge a cancellation fee for "Subscriptions Longer than a Month, Billed Monthly" if users do not cancel within the first 14 days.<ref name=":1">{{cite web |date=2 Dec 2025 |title=Ancestry Renewal and Cancellation Terms |url=https://www.ancestry.com/c/legal/renewal-cancellation-terms |url-status=live |archive-url=https://web.archive.org/web/20251011193700/https://www.ancestry.com/c/legal/renewal-cancellation-terms |archive-date=11 Oct 2025 |access-date=2025-02-05 |website=Ancestry}}</ref><ref>{{Cite web |date=26 Jun 2023 |title=Cancelation fee ? |url=https://www.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |url-status=live |archive-url=http://web.archive.org/web/20230626191850/https://old.reddit.com/r/AncestryDNA/comments/14jqeu9/cancelation_fee/ |archive-date=26 Jun 2023|access-date=9 Aug 2025 |website=Reddit |via=[[Reddit]]}}</ref>
 <blockquote>
@@ Line 41: / Line 51: @@
 ===Data Breach (2015)===
-RootsWeb, an Ancestry service, suffered a significant data breach: a file containing the access data of 297.8 thousand users has been publicly accessible on their server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on the official website, now unavailable, stating that they temporarely shut down RootsWeb and locked all the compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.
+RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://web.archive.org/web/20260222204053/https://www.twingate.com/blog/tips/ancestry-data-breach |archive-date=22 Feb 2026|access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.
 Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.