Ancestry.com: Difference between revisions
m Empty subheaders have been removed, but preserved through a comment. Several citation needed templates have been added, and some sentences have been adjusted for clarity and NPOV. At last, a citation for the company description has been added. |
m An extra in-line citation for an existing source has been added for clarity. |
||
| Line 14: | Line 14: | ||
==Consumer impact summary== | ==Consumer impact summary== | ||
==== Strict cancellation and renewal policy ==== | ====Strict cancellation and renewal policy==== | ||
Their business model centers around subscription plans which have the following restrictions. | Their business model centers around subscription plans which have the following restrictions. | ||
| Line 25: | Line 25: | ||
Their Privacy Policies regarding consumer data are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives.{{Citation needed|date=27 Jan 2026}} | Their Privacy Policies regarding consumer data are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives.{{Citation needed|date=27 Jan 2026}} | ||
==== Data breach ==== | ====Data breach==== | ||
Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed.<!-- More section suggestions: | Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed.<ref name=":0" /><!-- More section suggestions: | ||
Third-party sharing and consent complex and unclear | Third-party sharing and consent complex and unclear | ||
Potential future business acquisitions | Potential future business acquisitions | ||
| Line 50: | Line 50: | ||
===Data Breach (2015)=== | ===Data Breach (2015)=== | ||
RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=https://archive.ph/mgqKd |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://archive.ph/pxd1Y |archive-date=10 Nov 2024 |access-date=9 Aug 2025 |website=Twingate}}</ref><ref>{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=https://archive.ph/XP0Ch |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you. | RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.<ref>{{Cite web |title=Ancestry |url=https://haveibeenpwned.com/breach/Ancestry |url-status=live |archive-url=https://archive.ph/mgqKd |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=haveibeenpwned.com}}</ref><ref>{{Cite web |date=22 Feb 2024 |title=What happened in the Ancestry data breach? |url=https://www.twingate.com/blog/tips/ancestry-data-breach |archive-url=https://archive.ph/pxd1Y |archive-date=10 Nov 2024 |access-date=9 Aug 2025 |website=Twingate}}</ref><ref name=":0">{{Cite web |last=Spring |first=Tom |date=27 Dec 2017 |title=Leaky RootsWeb Server Exposes Some Ancestry.com User Data |url=https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ |archive-url=https://archive.ph/XP0Ch |archive-date=7 Jan 2026 |access-date=9 Aug 2025 |website=threatpost}}</ref> The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.<ref>{{Cite web |last=Blackham |first=Tony |date=23 Dec 2017 |title=RootsWeb Security Update |url=https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |url-status=live |archive-url=https://web.archive.org/web/20171227232406/https://blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/ |archive-date=27 Dec 2017 |access-date=9 Aug 2025 |website=Ancestry}}</ref> Below is part of the full statement:<blockquote>We want to share an important security update with you. | ||
Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate. | Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate. | ||