Though no specific details on the loss of data have been revealed, MyHertiage claimed that the “…website was breached…“, which would suggest an active attack as opposed to an unsecured database or other negligence. Luckily, MyHeritage has reported that no other customer information was compromised and that the stolen passwords were stored hashed with unique salts, which will likely minimize any potential damage. MyHeritage also reported that they utilize segregated systems with added security layers for storing other types of customer data (including DNA information), which appears unaffected. Finally, there are no reports of any accounts having been compromised by the breach.
The moral of this story is that, unlike most of the security headlines these days, what could have been a breach of catastrophic proportions appears to have had minimal impact thanks to a company employing proper cybersecurity forethought and best practices.