MyHeritage's security team is investigating the data breach to identify any potential exploitation of its system.
Compare this accountability with Equifax, which took six weeks to disclose its own devastating data breach; with LinkedIn, which took four years to tell people that more than 100 million email addresses and poorly encrypted passwords had been stolen from its servers; or with the comedy of errors at Yahoo, which took years to even notice two gargantuan thefts of data that together impacted 3.5 billion users.
A security researcher contacted the company after discovering a file named "myheritage" on a private server, MyHeritage said.
According to the genealogy platform, credit card information is stored by third-party billing providers, while sensitive data, such as family trees and DNA data, is stored on segregated systems, which include added layers of security.
Israel-based MyHeritage said the hash key differs for each customer password, suggesting the passwords were salted and hashed, which makes it harder for cybercriminals to crack the 92 million individual hashed passwords. But, Hercher said, the security breach involving MyHeritage doesn't seem to be any different from security breaches at other companies that don't work with genetic information.
"We have no reason to believe those systems have been compromised."
A full report will likely take a while; the company is planning to hire an external security firm to look into the breach, and is working on notifying relevant authorities under US laws and GDPR, among others. A 24-hour, toll-free number is also provided: 001 888 672 2875.
"For now, there are no other actions that MyHeritage users need to take as a result of this incident."
Mr Deutsch added: "For all registered users of MyHeritage, we recommend that for maximum safety, they change their password on MyHeritage." Avoid using the same password for multiple services or websites. That's why it's good to use a password manager and have unique passwords for every site. While that trust is often expected by customers, it's rarely earned. MyHeritage has set up an information security incident response team, and also contracted an independent cybersecurity team to determine the scope of the breach and provide a recommendation regarding further steps and security measures.