Home› Welcome to the FamilySearch Community!› Ask a Question› General Questions

FamilySearch.org hacked?

Knud Henrik Strømming
Knud Henrik Strømming ✭
October 14, 2022 edited July 9, 2024 in General Questions

Recently (i.e. since 2022.10.14 about 19:00 UTC), a number of reports have circulated about emails from FamilySearch telling about a security breach and "an unauthorized network intrusion". Can you disclose any information?

2

Answers

  • Paul W
    Paul W ✭✭✭✭✭
    October 14, 2022 edited October 14, 2022

    Yes, I too, would like some elaboration on this - including whether these emails are genuine.

    Mine shows it coming from info@e.churchofjesuschrist.org but implies I am a member of The Church of Jesus Christ of Latter-day Saints. Which begs the question (since I am not a Church member), why am I authorised to hold a Church account? I just logged into one successfully using my public account login details.

    In summary:

    (1) Are these emails genuine?

    (2) Is it only Church members whose details might have been hacked?

    0
  • DangKwei
    DangKwei ✭✭✭
    October 14, 2022

    Look at the email headers. That will show the conversation between mail servers and let you know if it's real.

    0
  • OConnorAnne1
    OConnorAnne1 ✭✭✭
    October 14, 2022 edited October 14, 2022

     Thank you for your question. 

    Have you had a chance to review the information and frequently asked questions found on the 

    FamilySearch Newsroom ? 

    3
  • Paul W
    Paul W ✭✭✭✭✭
    October 14, 2022

    At least that article is useful in establishing the authenticity of the emails.

    0
  • Paul Miniato
    Paul Miniato ✭
    October 17, 2022

    See https://www.familysearch.org/en/newsroom/data-incident (FamilySearch Account Data Incident posted Oct.13 By FamilySearch)

    0
  • TrishEastAnglian
    TrishEastAnglian ✭
    October 17, 2022

    I too have had almost identical emails from both FamilySearch and the Latter-DaySaints Church (of which I am not a member nor have I ever registered on their website). When the Family Search mail came I accepted it as genuine but when the second one came I wasn't so sure. I've read the article here that seems to confirm the hack - I don't know what to believe.

    0
  • Paul W
    Paul W ✭✭✭✭✭
    October 17, 2022

    From my most recent post, I accept the hack did take place and the notification was genuine, but am still confused as to why records seem to indicate I am a Church member. Is a Church account open to all, or have I been given one in error?

    0
  • Julia Szent-Györgyi
    Julia Szent-Györgyi ✭✭✭✭✭
    October 17, 2022

    I think those emails are being ...inexact in their terminology, and calling any FamilySearch account a "church account".

    (I, too, got two notifications. My email conveniently filed them as spam, and I did not argue with it.)

    1
  • Paul W
    Paul W ✭✭✭✭✭
    October 17, 2022 edited October 17, 2022

    @Julia Szent-Györgyi

    I just wanted to confirm that anyone can sign-in to a Church account. I find it slightly different (in the way you would expect, given the title), although I still can't get access to "LDS members only" stuff, of course (i.e., restricted films).

    0
  • Dennis J Yancey
    Dennis J Yancey ✭✭✭✭✭
    October 18, 2022 edited October 18, 2022

    an LDS Church Account is one where the person's LDS Membership number is linked to the account.

    so only an LDS member will have that. . ..

    (note LDS members can actually create an alternate NON LDS account - simply by not linking it to their membership number)


    If a Non LDS attempted to create an LDS account - it would fail in creating a true LDS account because they would not be able to enter or validate an LDS membership number. (give it a try if you want to test it out)


    also this email seems very suspect:

    info@e.churchofjesuschrist.org

    Note the EXTRA "e." in the name - which makes it very suspicious.

    (note that spammers/phishers can make the SENDING email really whatever they want (even if FamilySearch was never hacked) similar to how sometimes people will get email that APPEARS to come from YOUR email account - but actually never did. (it does not always mean your email account was hacked) it can simply mean that the sender email on the email transaction was "spoofed".

    0
  • Sam Sulser
    Sam Sulser admin
    October 18, 2022

    @Paul W Yes, anyone can create a Church account, which is separate from a FamilySearch account. The article below explains how to setup one up. For a non-member, there is an option to select that on the membership screen. Does that help? Sam ☺️

    https://www.familysearch.org/en/help/helpcenter/article/how-do-i-create-an-account-using-churchofjesuschrist-org

    1
  • Dennis J Yancey
    Dennis J Yancey ✭✭✭✭✭
    October 19, 2022 edited October 19, 2022
    https://community.familysearch.org/en/discussion/comment/475706#Comment_475706

    BUT if the person is not an LDS member - the account will NOT be considered a true LDS account. (and the system knows and validates this based on a MEMBERSHIP number which non members dont have)

    LDS accounts are ones with Membership numbers linked.

    the major difference between LDS accounts and NON LDS accounts is mainly that Temple ordinance data is not shown for non lds accounts - since that is only significant to LDS members.

    Temple Ordinance data will not show for NON LDS accounts [those with no membership number] (no matter what link they may have initiated the account creation process on)


    But I guess it depends what you consider a ":LDS account"

    you probably can create an acount under lds.org (now churchofjesuschrist.org) for a non member

    BUT within the context of FamilySearch - most people use the phrase "LDS account" to differentiate from those that are not LDS (NON LDS accounts) that dont show temple ordinances etc.


    So I guess it kind of depends on the context of the question.

    within the context of just Familysearch (and not LDS.org in general) - LDS FamilySearch accounts are ones with membership numbers and such accounts act differently than NON LDS accounts - mostly in ref to temple ordinance data displaying.

    0
  • Sam Sulser
    Sam Sulser admin
    October 19, 2022

    Yes, you are referring to a FamilySearch account and the difference in a member account and a non-member account there. As you know there is also a Church account that is separate from FamilySearch. It can be used to login to FamilySearch but otherwise they aren't connected. I think Paul was referring to this account. So, yes a non-member can have a Church account that is setup on the ChurchofJesusChrist.org website and not FamilySearch.org and is different than the FamilySearch account. It isn't tied to a membership account so it doesn't give access to things like ward directories or things specific to a member account on the ChurchofJesusChrist.org. Make sense? Sam 😊

    0
  • Paul W
    Paul W ✭✭✭✭✭
    October 19, 2022 edited October 19, 2022

    @Sam Sulser and @Dennis J Yancey

    Thank you for your responses. You have made the situation very clear. Of course, I knew there had to be two types of account - from the fact that I had no different access rights than if I logged in via familysearch.org. I suppose the confusion that can arise is similar to that caused to some FS users in now having the Facebook option as a way of signing-in.

    There were actually two reasons for my querying the details in this email. Firstly, I wanted to know (especially as it had been sent to me) whether my details were at the same risk than if I were a Church member. Secondly, I took the Engagement Number reference (starting with a "B") as possibly representing a Church membership number.

    Sorry for making so much fuss! Looking at the URL reference it appears to be identical - maybe my memory is playing tricks, but I thought that when I last signed in via a Church account there was the option of direct links to pages / articles giving details of Church beliefs, etc., but apparently I was mistaken if, whatever the sign-in method - public account, Church account or Facebook - non-members always find themselves taken to a pubic account.

    Update - in fact I now see that signing in via Facebook means you literally do that, but when I click on the icon for ChurchofJesusChrist.org account, I am connected to https://www.familysearch.org/en/ and not a URL for the Church account!

    (Further update) NO - not true! This only happened because of my saved cookies. When I switched from Firefox to Chrome, I was presented with the https://id.churchofjesuschrist.org/ sign-in - as (having no saved cookies on Chrome) FamilySearch had no idea who I was. (Must get more computer-savvy.)

    0
  • Paul W
    Paul W ✭✭✭✭✭
    October 19, 2022 edited October 19, 2022

    Finally figured it out! Having previously signed-in this morning with Firefox, it was recognised I was not a Church member, so I was taken directly to https://www.familysearch.org/en/. However, when I switched to Chrome, my identity was not recognised, so I was was taken to the page below. On clicking on the FamilySearch.org link, it then became recognised I was not a Church member and I ended-up in the public account.

    image.png

    One final query, how do Church members get to their accounts (including Temple data) - i.e., is there a different Home page (to the above) that follows their sign-in (where it is recognised, I assume, they are LDS)?

    0
  • Dennis J Yancey
    Dennis J Yancey ✭✭✭✭✭
    October 19, 2022
    https://community.familysearch.org/en/discussion/comment/475774#Comment_475774

    LDS members log on the same way as NON LDS members

    simply that the system detects they are members (based on a membership ID field on the account) and routes them and configures things accordingly.

    Was that your question?? - or was your question how they initially create their account?

    0
  • Dennis J Yancey
    Dennis J Yancey ✭✭✭✭✭
    October 19, 2022 edited October 19, 2022

    to further confuse the matter - if we didnt already state it above - it USED to be in the past (like more than 2 years ago) that LDS members could use a single LDS.ORG user ID and password and log on to both/either systems. (changing your password on one - changed the password for both systems)

    about 1-2 years ago that changed - and now the LDS.org user id and password is disjoint from the FamilySearch user id and password (though it is rather confusing because many people dont actually realize this - as a person can have the same user id and password on both system. But they have been for the past two years or so - DISJOINT accounts. (that could have the same account values)

    so now an LDS members lds.org password - can be different than their FS password.

    to further confuse things lds.org is now churchofjesuschrist.org

    1
This discussion has been closed.
Clear
No Groups Found

Categories

  • All Categories
  • 42.7K Ask a Question
  • 3.3K General Questions
  • 570 FamilySearch Center
  • 6.7K Get Involved/Indexing
  • 640 FamilySearch Account
  • 6.5K Family Tree
  • 5.1K Search
  • 997 Memories
  • 2 Suggest an Idea
  • 473 Other Languages
  • 62 Community News
  • Groups