Seen on Scottish Genes:
Wednesday, 22 July 2020
Ancestry advises users to change password if using Family Tree Maker
There has seemingly been another breach of privacy, this time by Software Mackiev (www.mackiev.com), producer of the popular Family Tree Maker software programme, with which users can sync information to their online family tree on Ancestry (www.ancestry.co.uk). It seems that the company has exposed to access information for some 60,000 users thanks to a misconfigured cloud server .
https://www.infosecurity-magazine.co...maker-exposes/ and https://www.wizcase.com/blog/mackiev-leak-research/.
In response, Ancestry has announced the following:
We have been alerted to a potential security vulnerability at the MacKiev Company, which owns Family Tree Maker software. While we no longer have formal affiliation with the company, Family Tree Maker is used by some Ancestry customers to sync family trees between Family Tree Maker software and Ancestry. Based on our investigation, we do not believe that any Ancestry systems or data have been compromised. The Ancestry-Family Tree Maker sync uses OAuth2, a widely- used authentication protocol to provide Family Tree Maker permission to access Ancestry resources without exposing user passwords.
As a best practice, we recommend Ancestry customers who have used their Ancestry credentials to access Family Tree Maker software change their password and enable two-factor authentication.
(Source: https://blogs.ancestry.com/ancestry/...strys-systems/)
Wednesday, 22 July 2020
Ancestry advises users to change password if using Family Tree Maker
There has seemingly been another breach of privacy, this time by Software Mackiev (www.mackiev.com), producer of the popular Family Tree Maker software programme, with which users can sync information to their online family tree on Ancestry (www.ancestry.co.uk). It seems that the company has exposed to access information for some 60,000 users thanks to a misconfigured cloud server .
https://www.infosecurity-magazine.co...maker-exposes/ and https://www.wizcase.com/blog/mackiev-leak-research/.
In response, Ancestry has announced the following:
We have been alerted to a potential security vulnerability at the MacKiev Company, which owns Family Tree Maker software. While we no longer have formal affiliation with the company, Family Tree Maker is used by some Ancestry customers to sync family trees between Family Tree Maker software and Ancestry. Based on our investigation, we do not believe that any Ancestry systems or data have been compromised. The Ancestry-Family Tree Maker sync uses OAuth2, a widely- used authentication protocol to provide Family Tree Maker permission to access Ancestry resources without exposing user passwords.
As a best practice, we recommend Ancestry customers who have used their Ancestry credentials to access Family Tree Maker software change their password and enable two-factor authentication.
(Source: https://blogs.ancestry.com/ancestry/...strys-systems/)
Comment