Ancestry.com claims no harm from security vulnerability in Family Tree Maker
If you’re at all familiar with genealogy then you’ll likely know both Ancestry and Family Tree Maker; they are an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted Elasticsearch server that belonged to Software MacKiev, the owner of Family Tree Maker (FTM).
The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.
Writing about the issue, Ancestry has been quick to reassure its own customers, stating: "We have been alerted to a potential security vulnerability at the MacKiev Company, which owns Family Tree Maker software. While we no longer have formal affiliation with the company, Family Tree Maker is used by some Ancestry customers to sync family trees between Family Tree Maker software and Ancestry."
The company goes on to state that, after an investigation, it does not believe any of its systems or data has been compromised. The protocol FTM uses to access Ancestry's database authenticates with OAuth2.
However, just to be safe, the company states: "As a best practice, we recommend Ancestry customers who have used their Ancestry credentials to access Family Tree Maker software change their password and enable two-factor authentication."
That advice is practical on all websites. Use good strong passwords and change them occasionally. Don’t pick a password that shows up on the annual list of most popular passwords, which includes ones like 12345.