Ancestry.com: Difference between revisions

Line 51:

===Data Breach (2015)===

RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://archive.ph/~~pxd1Y~~ |archive-date=~~10 Nov 2024~~ |access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.

RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://web.archive.org/web/20260222204053/https://www.twingate.com/blog/tips/ancestry-data-breach |archive-date=22 Feb 2026|access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.

Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.

@@ Line 51: / Line 51: @@
 ===Data Breach (2015)===
-RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://archive.ph/pxd1Y |archive-date=10 Nov 2024 |access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.
+RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=http://web.archive.org/web/20251218083052/https://haveibeenpwned.com/Breach/Ancestry |archive-date=18 Dec 2025|access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://web.archive.org/web/20260222204053/https://www.twingate.com/blog/tips/ancestry-data-breach |archive-date=22 Feb 2026|access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=http://web.archive.org/web/20250818105231/https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-date=18 Aug 2025|access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you.
 Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.