Verogen, which partnered with GEDMatch in December of 2019, experienced a security breach. Verogen posted the following on its blog:
“On the morning of July 19, GEDmatch experienced a security breach orchestrated through a sophisticated attack on one of our servers via an existing user account. We became aware of the situation a short time later and immediately took the site down. As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt-in for law enforcement matching were available for law enforcement matching, and, conversely, all law enforcement profiles were made visible to GEDmatch users.”
On July 21, 2020, MyHeritage posted a blog alerting its users to a malicious phishing attempt.
Someone was sending an email to MyHeritage users in an effort to steal their login information. The email included a link that misspelled MyHeritage’s URL (by replacing the letter g with the letter q). Those who clicked that link were taken to a fake MyHeritage website.
How did this happen? MyHeritage wrote:
“The perpetrators then started sending a phishing email to email addresses that they apparently compromised from GEDmatch. We don’t know if they emailed (or intend to email) all the users of GEDmatch or only those who uploaded DNA data to GEDmatch that originated from MyHeritage. What we found with all the users they did email, after speaking with these users, is that those users are all using GEDmatch. Because GEDmatch suffered a data breach two days ago, we suspect that this is how the perpetrators got their email addresses and names for this abuse.”
MyHeritage also made it clear that the phishing website had been taken down from the site that hosted it. Even so, genealogists who use GEDMatch should be extra cautions before clicking a link in an email. What may appear to be coming from a legitimate genealogy company could be from a scammer.
Related Articles on FamilyTree.com:
Police Used DNA to Identify the Golden State Killer
Department of Justice Made Rules About Forensic Genetic Genealogy
< Return To Blog
Leave a Reply