14 Mar 2012

Security bug on Ancestry.com may leave users vulnerable

Users of Ancestry.com could have valuable personal information exposed and left vulnerable to theft after a security bug was exposed by hackers, according to MSNBC's Security News Blog. Matt Liebowitz said TeamHav0k, a network of hackers, found an SQL injection vulnerability in the genealogy-tracking website. Users should be sure to change passwords and use internet security until the threat has passed.

In a post on Pastebin, the hackers explain that the exploit wasn't to damage the users of the website but to highlight what a major flaw on a website such as this could do. SecurityNewsDaily said no actual information was included, but there was some front-loaded data to show hackers did access information.

"A site like this should be more protected, considering the kind of information they have on people, just imagine if NATO, UN, FBI, CIA etc .. officials use this site to look back in time to see who all is in their family tree," according to the TeamHav0k post announcing the hacking. "This release is not meant to harm anyone, it's simply just to prove 'Security Is An Illusion.'"

People can't always count on websites being fully secure. Using antivirus software and internet security is a must for everyone on the web.