Just an aside, email addresses are always more vulnerable than passwords. That's why I use a different email address on (almost) every website I register. Sounds more daunting than it is. There are a number of services to help with this; the one I use is 33mail.com. To reap the full benefit, there's a small annual fee, but then I can generate email addresses on-the-fly (meaning I don't have to create them; I just use one to register somewhere and the address is created automatically) and any mail sent to that new, unique address forwards back to my regular email address. No muss, no fuss. And if something like this breach happens, I just change the email address on file at MyHeritage, then go to the email service provider and block the compromised address. Once an email address gets out in the wild, it stays there.