Ancestry.com: Difference between revisions
added archive link with archive date |
Making page align more with the standard company model, adding to existing consumer concerns and appending new consumer concerns. |
||
| Line 15: | Line 15: | ||
===Business Practices=== | ===Business Practices=== | ||
'''Strict | '''Strict cancelation policy and strict renewal policy:''' | ||
Consumers are restricted to subscription plans that are largely: | |||
* Renewed by default unless canceled more than two days before the renewal date or trial expiration. | |||
* No-refundable. | |||
* Subject to predefined cancellation fees (e.g., up to $25, $50, or the remaining balance). | |||
* Limited to narrow, front-loaded refund windows. | |||
* Locked into long-term commitments for 6-month and 12-month plans. | |||
===Privacy=== | ===Privacy=== | ||
''' | '''Third-party sharing and consent complex and unclear:''' | ||
'''Potential future business acquisitions:''' | |||
'''Opt-in versus opt-out ambiguity:''' | |||
'''Long-term data retention post deletion:''' | |||
'''Potential use on consumer data in genetic research:''' | |||
'''Policy subject to change:''' | |||
Such is the case with many companies: their policies, including their Privacy Policies regarding consumer data, are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives. | |||
'''Data breach:''' | |||
Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed. | |||
'''Lawsuits:''' | |||
==Anti-consumer practices== | ==Anti-consumer practices== | ||
| Line 41: | Line 62: | ||
===Data Breach (2015)=== | ===Data Breach (2015)=== | ||
RootsWeb, an Ancestry service, suffered a significant data breach | RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=https://archive.ph/mgqKd |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://archive.ph/pxd1Y |archive-date=10 Nov 2024 |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=https://archive.ph/XP0Ch |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you. | ||
Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate. | Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate. | ||