FamilySearch.org hacked?
Recently (i.e. since 2022.10.14 about 19:00 UTC), a number of reports have circulated about emails from FamilySearch telling about a security breach and "an unauthorized network intrusion". Can you disclose any information?
Answers
-
Yes, I too, would like some elaboration on this - including whether these emails are genuine.
Mine shows it coming from [email protected] but implies I am a member of The Church of Jesus Christ of Latter-day Saints. Which begs the question (since I am not a Church member), why am I authorised to hold a Church account? I just logged into one successfully using my public account login details.
In summary:
(1) Are these emails genuine?
(2) Is it only Church members whose details might have been hacked?
0 -
Look at the email headers. That will show the conversation between mail servers and let you know if it's real.
0 -
Thank you for your question.
Have you had a chance to review the information and frequently asked questions found on the
3 -
At least that article is useful in establishing the authenticity of the emails.
0 -
See https://www.familysearch.org/en/newsroom/data-incident (FamilySearch Account Data Incident posted Oct.13 By FamilySearch)
0 -
I too have had almost identical emails from both FamilySearch and the Latter-DaySaints Church (of which I am not a member nor have I ever registered on their website). When the Family Search mail came I accepted it as genuine but when the second one came I wasn't so sure. I've read the article here that seems to confirm the hack - I don't know what to believe.
0 -
From my most recent post, I accept the hack did take place and the notification was genuine, but am still confused as to why records seem to indicate I am a Church member. Is a Church account open to all, or have I been given one in error?
0 -
I think those emails are being ...inexact in their terminology, and calling any FamilySearch account a "church account".
(I, too, got two notifications. My email conveniently filed them as spam, and I did not argue with it.)
1 -
I just wanted to confirm that anyone can sign-in to a Church account. I find it slightly different (in the way you would expect, given the title), although I still can't get access to "LDS members only" stuff, of course (i.e., restricted films).
0 -
an LDS Church Account is one where the person's LDS Membership number is linked to the account.
so only an LDS member will have that. . ..
(note LDS members can actually create an alternate NON LDS account - simply by not linking it to their membership number)
If a Non LDS attempted to create an LDS account - it would fail in creating a true LDS account because they would not be able to enter or validate an LDS membership number. (give it a try if you want to test it out)
also this email seems very suspect:
Note the EXTRA "e." in the name - which makes it very suspicious.
(note that spammers/phishers can make the SENDING email really whatever they want (even if FamilySearch was never hacked) similar to how sometimes people will get email that APPEARS to come from YOUR email account - but actually never did. (it does not always mean your email account was hacked) it can simply mean that the sender email on the email transaction was "spoofed".
0 -
@Paul W Yes, anyone can create a Church account, which is separate from a FamilySearch account. The article below explains how to setup one up. For a non-member, there is an option to select that on the membership screen. Does that help? Sam ☺️
1 -
BUT if the person is not an LDS member - the account will NOT be considered a true LDS account. (and the system knows and validates this based on a MEMBERSHIP number which non members dont have)
LDS accounts are ones with Membership numbers linked.
the major difference between LDS accounts and NON LDS accounts is mainly that Temple ordinance data is not shown for non lds accounts - since that is only significant to LDS members.
Temple Ordinance data will not show for NON LDS accounts [those with no membership number] (no matter what link they may have initiated the account creation process on)
But I guess it depends what you consider a ":LDS account"
you probably can create an acount under lds.org (now churchofjesuschrist.org) for a non member
BUT within the context of FamilySearch - most people use the phrase "LDS account" to differentiate from those that are not LDS (NON LDS accounts) that dont show temple ordinances etc.
So I guess it kind of depends on the context of the question.
within the context of just Familysearch (and not LDS.org in general) - LDS FamilySearch accounts are ones with membership numbers and such accounts act differently than NON LDS accounts - mostly in ref to temple ordinance data displaying.
0 -
Yes, you are referring to a FamilySearch account and the difference in a member account and a non-member account there. As you know there is also a Church account that is separate from FamilySearch. It can be used to login to FamilySearch but otherwise they aren't connected. I think Paul was referring to this account. So, yes a non-member can have a Church account that is setup on the ChurchofJesusChrist.org website and not FamilySearch.org and is different than the FamilySearch account. It isn't tied to a membership account so it doesn't give access to things like ward directories or things specific to a member account on the ChurchofJesusChrist.org. Make sense? Sam 😊
0 -
@Sam Sulser and @Dennis J Yancey
Thank you for your responses. You have made the situation very clear. Of course, I knew there had to be two types of account - from the fact that I had no different access rights than if I logged in via familysearch.org. I suppose the confusion that can arise is similar to that caused to some FS users in now having the Facebook option as a way of signing-in.
There were actually two reasons for my querying the details in this email. Firstly, I wanted to know (especially as it had been sent to me) whether my details were at the same risk than if I were a Church member. Secondly, I took the Engagement Number reference (starting with a "B") as possibly representing a Church membership number.
Sorry for making so much fuss! Looking at the URL reference it appears to be identical - maybe my memory is playing tricks, but I thought that when I last signed in via a Church account there was the option of direct links to pages / articles giving details of Church beliefs, etc., but apparently I was mistaken if, whatever the sign-in method - public account, Church account or Facebook - non-members always find themselves taken to a pubic account.
Update - in fact I now see that signing in via Facebook means you literally do that, but when I click on the icon for ChurchofJesusChrist.org account, I am connected to https://www.familysearch.org/en/ and not a URL for the Church account!
(Further update) NO - not true! This only happened because of my saved cookies. When I switched from Firefox to Chrome, I was presented with the https://id.churchofjesuschrist.org/ sign-in - as (having no saved cookies on Chrome) FamilySearch had no idea who I was. (Must get more computer-savvy.)
0 -
Finally figured it out! Having previously signed-in this morning with Firefox, it was recognised I was not a Church member, so I was taken directly to https://www.familysearch.org/en/. However, when I switched to Chrome, my identity was not recognised, so I was was taken to the page below. On clicking on the FamilySearch.org link, it then became recognised I was not a Church member and I ended-up in the public account.
One final query, how do Church members get to their accounts (including Temple data) - i.e., is there a different Home page (to the above) that follows their sign-in (where it is recognised, I assume, they are LDS)?
0 -
LDS members log on the same way as NON LDS members
simply that the system detects they are members (based on a membership ID field on the account) and routes them and configures things accordingly.
Was that your question?? - or was your question how they initially create their account?
0 -
to further confuse the matter - if we didnt already state it above - it USED to be in the past (like more than 2 years ago) that LDS members could use a single LDS.ORG user ID and password and log on to both/either systems. (changing your password on one - changed the password for both systems)
about 1-2 years ago that changed - and now the LDS.org user id and password is disjoint from the FamilySearch user id and password (though it is rather confusing because many people dont actually realize this - as a person can have the same user id and password on both system. But they have been for the past two years or so - DISJOINT accounts. (that could have the same account values)
so now an LDS members lds.org password - can be different than their FS password.
to further confuse things lds.org is now churchofjesuschrist.org
1
