MyHeritage announced a data security breach to their service late yesterday, June 4, on the MyHeritage Blog.
"We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach."
It is important to note that there is no reason to believe that any password information has been compromised. The passwords—as with almost all websites, including ours—are stored in what's called a "hash" format: essentially, a string of gibberish that can't be reconstituted to a password without a separate, binary "key" file. MyHeritage indicates that no data but email addresses seem to have been compromised:
"We have no reason to believe that any other MyHeritage systems were compromised. As an example, credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised."
Still, for maximum safety, MyHeritage is recommending all registered users change their passwords, and use a strong, unique password. Instructions for doing so can be found at this FAQ link.