Follow up from MyHeritage GDPR request

Shadow profile
I got this from MyHeritage today… after submitting my GDPR request to them to find out the history of my account.
We apologize for this breach and the fact that your email address might have been part of it. The email addresses were included in the breach along with a hashed password – not the actual password (which has been expired and can no longer be used to access the account on MyHeritage). Other than this, there has not been a violation of the data. See our official statement here and an updated statement here.

Please be advised that this incident does not affect the privacy of any sensitive information you have on your online family site, including DNA information and family trees. Only hashed versions of passwords were stolen, which means they cannot be used to log in to your private account on MyHeritage.

There has been no evidence that the stolen information was ever used by the perpetrators. Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised.

The privacy and the security of your information is our highest priority and we continually assess our procedures and policies and seek the best methods to secure information. The work on adding two-factor authentication to MyHeritage is completed and you can read the full explanation about this feature here.

In addition to that, I have carried out a search within our system, and I was not able to locate an account using your email address: **********************************

If you had an account using this email address and the account was deleted, we currently do not retain any information from your registered account and therefore, I cannot provide you with any information regarding it as it no longer exists.

However, if you registered to MyHeritage using another email address, please let me know with which so I will be able to locate it. In addition to that, as an extra security measure, if you still have access to this email address would you please be so kind to send us an email using that address?

If you run into any further issues, by all means, please don’t hesitate to reply. I’m here for you.

MyHeritage Support team

Maybe I deleted my account too soon, unfortunately giving them a easy out. I should have done the GDPR request then deleted my account afterwards! I was looking forward seeing proof the account was a shadow profile

Compromised passwords and your idenity online

So I just recently downloaded the Skype 2.0 beta which supports Video chat. And deceided to go try it out, but oh no… I cant login. Whats going on I started to wonder, its not like I got the wrong username and password because I've been using Keepass for quite some time now, plus Skype saves the password if you want it to anyway. So i'm wondering what the hecks going on. 1min of searching later I find Skype Passwords Compromised?

So generally if you registered for share.skype.com then your at risk. Well thats me, after my little dabble with there developers area. Now I cant access my skype address and because I moved house and changed broadband account I cant actually retrieve my changed password. So in other words, the user cubicgarden on skype is not going to be me anytime soon. Yeah I'm pretty bitter about it all.

Something simular happened with my old cubicgarden Bloglines account a while ago and let me tell you about the frustrating emails I sent trying to prove I was the user of that account. It was insane to say the least. If Skype like Bloglines dont accept that as the registered owner of cubicgarden.com I would choose cubicgarden as a username then I'm once again stuck. There has got be a better way to do Identity online? Talking of which Dick Hardt (Sxip identity) talk at web 2.0 is interesting to say the least. I really see the need for something like sxip, as relying on your email or even a url for a id is sucky to say the least. Geez even using a hash in a FOAF file would be better than email and a url.

Can I also just say, this is another example of company's leaking your online identity. Privicy and security online, well what do you make of that improbulus?

Comments [Comments]
Trackbacks [0]