MyHeritage DNA testing service left 92M users' data on outside server – CNET



The stolen data includes email addresses and hashed passwords.


Data breaches are never fun, but they can be especially troubling when they happen on platforms with access to super sensitive information — like your DNA. 

MyHeritage, a platform that offers DNA testing and genealogy services, on Monday learned it had been hacked after a security researcher reported finding a file that contained email addresses and hashed passwords on a private server.

The Israel-based company’s information security team reviewed the file and confirmed the data was from MyHeritage. It includes the email addresses and hashed passwords of the more than 92 million users who signed up for the platform up to Oct. 26, 2017, which was the date of the breach, according to a statement from MyHeritage.

The company said it doesn’t store user passwords, and instead stores a one-way hash of every password in which the hash key is different for every customer. “This means that anyone gaining access to the hashed passwords does not have the actual passwords,” the company said.

The security researcher reported that there wasn’t any other MyHeritage-related data found on the private server. The company said there isn’t any evidence that the data was ever used by the hackers. Since the date of the breach, MyHeritage said, “we have not seen any activity indicating that any MyHeritage accounts had been compromised.”

The company said it believes the hack was limited to user email addresses, and has no reason to believe any other systems were compromised. Credit card information isn’t stored by MyHeritage, it said, but is instead stored with “trusted third-party billing providers” like BlueSnap and PayPal.

And as for sensitive DNA data and family tree information, MyHeritage says that information is stored on separate systems from the ones that store email addresses, “and they include added layers of security. We have no reason to believe those systems have been compromised.”

The company recommends users change their MyHeritage passwords, and said they should take advantage of a two-factor authentication feature that it plans to release soon. MyHeritage said it’s set up an Information Security Incident Response Team to investigate the incident. It’s also working with an independent cybersecurity firm, which will conduct reviews to determine the scope of the breach and offer suggestions on preventing something like this from happening again.

As DNA and genealogy platforms become more popular, privacy concerns will undoubtedly also rise. Current health privacy laws predate platforms like 23andMe and Ancestry.com, and therefore don’t adequately protect genetic privacy. Still, DNA sites could be promising for the future of medicine. The National Institutes of Health kicked off its All of Us project last month, which looks to “uncover paths toward delivering precision medicine.”

The platforms are also being used in another area: crime. In April, “open-source” genealogy site GEDmatch was credited with helping catch the Golden State Killer suspect. GEDmatch’s co-founder said at the time that he didn’t know his site’s services were being used to pursue the killer, and insisted it doesn’t give out data. That same database was used in May to identify the suspect in a 1987 homicide.
