INSUBCONTINENT EXCLUSIVE:
researcher found email addresses and hashed passwords belonging to 92 million of its users
Information in the file dated back to October 27 2017, so anyone who registered an account before that date could be affected.After
discovering the email data in a plain text file, the researcher alerted the company, which set its own security staff to work
It also enlisted the help of an independent cybersecurity teamThe security experts found no evidence of other user data on the server, and
because the passwords were hashed, only the email addresses were readable
a one-way hash of each password, in which the hash key differs for each customer," the site said in a blog post
"This means that anyone gaining access to the hashed passwords does not have the actual passwords."Relative risksOther data, including that
used to build family trees, is stored separately and wasn't compromised, and there was no risk of credit card details being stolen because
the site processes payments using PayPal exclusively.The email addresses are valuable though, and such a huge list would be a handy starting
point for criminals to launch a phishing campaign.This leak is particularly embarrassing because its discovery comes immediately after
implementation of the EU's new General Data Protection Regulation (GDPR), which stresses that any company that holds personal information
recommendeds that all its users change their passwords just in case, and notes that it'll be upgrading to two-factor authentication soon,
