Family Tree Maker genealogy software experiences data breach

The year 2020 has been a mind-boggling experience with regards to data protection (or lack thereof). Though it is only July, the amount of high-profile data leaks and data breaches continue to cause havoc for companies and customers. The most recent high-profile victim of data insecurity is a popular genealogy tool employed by tens of thousands. According to a blog post from Chase Williams of WizCase, Family Tree Maker (which is operated by Software MacKiev and used by Ancestry.com) has been found to be insecure.

The findings from WizCase’s white-hat security team, which is led by Avishai Efrat, uncovered the following:

The misconfigured ElasticSearch server exposed information of approximately 60,000 users (including duplicates) and complaints sent to customer support and extremely vulnerable data about their physical location. As the company is based in the US, most of its users could be identified as US residents.

The data totaled around 25GB, and as the report notes, if used by cybercriminals, there could be dire consequences. The personal data in the Family Tree Maker ElasticSearch server can be used for social engineering attacks like phishing, identity theft fraud campaigns, and even business espionage.  When the WizCase team discovered the misconfigured Family Tree Maker server, Software MacKiev was notified immediately. Though Williams notes in his report that the company made no confirmation regarding the disclosure, the server was, in fact, secured days later.

There is no evidence that cybercriminals gained access to the data in the ElasticSearch server. Nevertheless, anyone who uses Family Tree Maker should change their passwords and keep an eye on their personal data. Anything that the server has could have been stolen and passed around on the Dark Web, so practice defensive awareness for the time being. Make sure you only give a company, no matter what it is, the least amount of data you need to.

Featured image: Software MacKiev/ FamilyTree.com

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Azure Windows Virtual Desktop: Avoid the fresh hell of stale user sessions

This tutorial on Azure Windows Virtual Desktop and stale users can help you cut down…

1 hour ago

Phishing campaign spoofs texas.gov domain, targets computer vendors

A convincing-looking phishing campaign purportedly from a Texas government agency is targeting computer vendors in…

5 hours ago

Top 5 cybersecurity innovations and why they’re drawing in the money

With attackers making use of every vulnerability, our sense of security has turned into insecurity.…

8 hours ago

Have you really tested your disaster recovery plan?

How do you simulate a disaster to see whether your disaster recovery plan is ready…

1 day ago

Using conditions in ARM templates when deploying infrastructure-as-code

This Quick Tip shows you a neat little coding trick that will help you when…

1 day ago

Full circle: On-premises Exchange to Microsoft 365 — and back again

Migration from on-premises Exchange to Microsoft 365 may not be a one-way street. What about…

1 day ago