While Ancestry security team may be confident, I am leery as too many security breaches this week with MyHeritage and GEDmatch don’t inspire a lot of confidence in security precautions in the genealogy world. I saw this article today on Ancestry – Ancestry security team confident Family Tree Maker vulnerability has not impacted Ancestry’s systems: https://blogs.ancestry.com/ancestry/2020/07/22/ancestry-security-team-confident-family-tree-maker-vulnerability-has-not-impacted-ancestrys-systems/.
We have been alerted to a potential security vulnerability at the MacKiev Company, which owns Family Tree Maker software. While we no longer have formal affiliation with the company, Family Tree Maker is used by some Ancestry customers to sync family trees between Family Tree Maker software and Ancestry. Based on our investigation, we do not believe that any Ancestry systems or data have been compromised. The Ancestry-Family Tree Maker sync uses OAuth2, a widely- used authentication protocol to provide Family Tree Maker permission to access Ancestry resources without exposing user passwords.
As a best practice, we recommend Ancestry customers who have used their Ancestry credentials to access Family Tree Maker software change their password and enable two-factor authentication.