According to Tony Blackham, chief information security officer at Ancestry.com, the file contains information related to users of Rootsweb’s surname list information, a service the genealogy giant retired earlier this year.
RootsWeb is a free community-driven collection of tools that are used to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers since 2000. However, Blackham stressed that RootsWeb does not host sensitive information like credit card numbers or social security numbers; it’s also sequestered from an infrastructure perspective from Ancestry’s other sites. Blackham said that less than 1% of the company’s total customer group used the same account credentials on both Rootsweb and an Ancestry commercial site.
“We determined that the file was legitimate, although the majority of the information was old,” Blackham said. “Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally. We are taking the additional step of informing those users as well.”
Impacted users are being prompted to change their passwords, and the RootsWeb server has been taken temporarily offline. Blackham also said that the company has not seen any activity indicating the compromise of any individual Ancestry accounts.