Wednesday 22 July 2020

Ancestry advises users to change password if using Family Tree Maker

There has seemingly been another breach of privacy, this time by Software Mackiev (www.mackiev.com), producer of the popular Family Tree Maker software programme, with which users can sync information to their online family tree on Ancestry (www.ancestry.co.uk). It seems that the company has exposed to access information for some 60,000 users thanks to a misconfigured cloud server - the full story is at https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/ and https://www.wizcase.com/blog/mackiev-leak-research/.


In response, Ancestry has announced the following:

We have been alerted to a potential security vulnerability at the MacKiev Company, which owns Family Tree Maker software. While we no longer have formal affiliation with the company, Family Tree Maker is used by some Ancestry customers to sync family trees between Family Tree Maker software and Ancestry. Based on our investigation, we do not believe that any Ancestry systems or data have been compromised. The Ancestry-Family Tree Maker sync uses OAuth2, a widely- used authentication protocol to provide Family Tree Maker permission to access Ancestry resources without exposing user passwords.

As a best practice, we recommend Ancestry customers who have used their Ancestry credentials to access Family Tree Maker software change their password and enable two-factor authentication.

(Source: https://blogs.ancestry.com/ancestry/2020/07/22/ancestry-security-team-confident-family-tree-maker-vulnerability-has-not-impacted-ancestrys-systems/)

This looks like it could become one of those weeks...


Chris

My next 5 week Scottish Research Online course starts August 31st - see https://www.pharostutors.com/details.php?coursenumber=102. My book Tracing Your Scottish Family History on the Internet, at http://bit.ly/ChrisPaton-Scottish2 is now out, also available are Tracing Your Irish Family History on the Internet (2nd ed) at http://bit.ly/ChrisPaton-Irish1 and Tracing Your Scottish Ancestry Through Church and State Records at http://bit.ly/ChrisPaton-Scotland1. Further news published daily on The Scottish GENES Facebook page, and on Twitter @genesblog.

No comments:

Post a Comment