Topics

Family Tree Maker Exposes Data on 60,000 Users #general #announcements


Jan Meisels Allen
 

 

According to InfoSecurity-magazine.com, Family Tree Maker had a data breach leaking 25 GB of data linked to users of the Family Tree Maker software. After being informed by WizCase the incident was remediated shortly thereafter.  Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details. Some 60,000 users are thought to have been exposed in this privacy snafu.

 

The data breach also included 25 gigabytes of data mirrored from Ancestry.com LLC.

 

“The leak exposed technical details about the system’s backend, which could help attackers leverage multiple cyber-attacks on Software MacKiev and its associated companies,” it was claimed.

 

To read more see: https://www.wizcase.com/blog/mackiev-leak-research/  and

https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/

 

Jan Meisels Allen

Chairperson, IAJGS Public Records Access Monitoring Committee

 


Max Heffler
 

And 6 Bernard Borgers, only one I manage:

 

 

From: main@... [mailto:main@...] On Behalf Of Jan Meisels Allen via groups.jewishgen.org
Sent: Wednesday, July 22, 2020 1:49 AM
To: JewishGen Discussion Group
Subject: [JewishGen.org] Family Tree Maker Exposes Data on 60,000 Users #announcements #general

 

 

According to InfoSecurity-magazine.com, Family Tree Maker had a data breach leaking 25 GB of data linked to users of the Family Tree Maker software. After being informed by WizCase the incident was remediated shortly thereafter.  Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details. Some 60,000 users are thought to have been exposed in this privacy snafu.

 

The data breach also included 25 gigabytes of data mirrored from Ancestry.com LLC.

 

“The leak exposed technical details about the system’s backend, which could help attackers leverage multiple cyber-attacks on Software MacKiev and its associated companies,” it was claimed.

 

To read more see: https://www.wizcase.com/blog/mackiev-leak-research/  and

https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/

 

Jan Meisels Allen

Chairperson, IAJGS Public Records Access Monitoring Committee

 


--

Web sites I manage - Personal home page, Greater Houston Jewish Genealogical Society, Woodside Civic Club, Skala, Ukraine KehilalLink, Joniskelis, Lithuania KehilaLink, and pet volunteer project - Yizkor book project: www.texsys.com/websites.html


Max Heffler
 

Geni has 6 Jakob Borger, 2 I manage:

 

 

From: main@... [mailto:main@...] On Behalf Of Jan Meisels Allen via groups.jewishgen.org
Sent: Wednesday, July 22, 2020 1:49 AM
To: JewishGen Discussion Group
Subject: [JewishGen.org] Family Tree Maker Exposes Data on 60,000 Users #announcements #general

 

 

According to InfoSecurity-magazine.com, Family Tree Maker had a data breach leaking 25 GB of data linked to users of the Family Tree Maker software. After being informed by WizCase the incident was remediated shortly thereafter.  Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details. Some 60,000 users are thought to have been exposed in this privacy snafu.

 

The data breach also included 25 gigabytes of data mirrored from Ancestry.com LLC.

 

“The leak exposed technical details about the system’s backend, which could help attackers leverage multiple cyber-attacks on Software MacKiev and its associated companies,” it was claimed.

 

To read more see: https://www.wizcase.com/blog/mackiev-leak-research/  and

https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/

 

Jan Meisels Allen

Chairperson, IAJGS Public Records Access Monitoring Committee

 


--

Web sites I manage - Personal home page, Greater Houston Jewish Genealogical Society, Woodside Civic Club, Skala, Ukraine KehilalLink, Joniskelis, Lithuania KehilaLink, and pet volunteer project - Yizkor book project: www.texsys.com/websites.html


Bruce Brown
 

On Wed, Jul 22, 2020 at 12:59 PM, Jan Meisels Allen wrote:
Family Tree Maker had a data breach leaking 25 GB of data linked to users of the Family Tree Maker software.
The mention of a "data breach" may be wrongly interpreted by many that their user data was actually stolen by some bad guy or group. This was not stated as such in the referenced source articles.

This was a "white hat" (good guy) exercise to look for weaknesses in the FTM database. The team found the weaknesses and supposedly the vendor corrected problem. These sort of white hat attacks are extremely useful and helpful in improving database security. Is it possible that some bad guy stole the data before the fix? Yes, but that was not stated or proven in the articles.

Bruce Brown
Falls Church, VA


jbonline1111@...
 

This is why I prefer to use only personal computer-based software for my database.  I have no right to expose the information of living relatives to the public, let alone to hackers who may or may not be bad guys.
--
Barbara Sloan
Conway, SC


David Dubin
 

I sent the information to the developer of https://haveibeenpwned.com/ and and secure@...


jeffrey.lane@...
 

I urge everyone to take a moment and carefully read these valuable messages from folks like Jan Meisels Allen.  This was a very narrow “exposure” of data and as describe by Bruce Brown actually a report by someone who found a vulnerability, reported it to the company and confirmed the problem was corrected. 


Stephen Weinstein
 

Why would a genealogy website have geolocation data?