Hackers target DNA profiles on major genealogy databases

GEDmatch breach results in phishing campaign targeting MyHeritage users

On July 19, users of the genealogy website GEDmatch were met by an unpleasant surprise when they logged in to the website. More than 1 million DNA profiles that were previously hidden from law enforcement were now available for police to search. Then, on July 21, MyHeritage announced some of its users were subjected to a phishing attack targeting their login credentials for the site. Email addresses targeted in the attack were the same ones stolen in the GEDmatch attack just two days earlier.

News of the breach comes months after Verogen purchased GEDmatch. At the time of the acquisition, Verogen told GEDmatch users it would protect their privacy but would also use genealogy to assist in solving violent crimes. Users who wished to remain anonymous could opt out of submitting their genetic information to law enforcement. 

These safeguards failed during the hack. According to GEDmatch, the data breach resulted in all user accounts being reset, making them visible to all GEDmatch users and law enforcement for about three hours.

“As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours,” the statement reads. “During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.”

Service at GEDmatch briefly resumed after the initial breach, but the site has since been taken offline and replaced with a message that reads, “The GEDmatch site is down for maintenance - Currently No ETA.”

In a statement, Verogen further explained, “We are working with a cybersecurity firm to conduct a comprehensive forensic review and help us implement the best possible security measures.” Verogen has also reported the hack to the authorities.

Though Verogen reassured its users that no user data was downloaded or compromised during the breach, this claim came into question on July 21 when MyHeritage warned its customers they may be targeted by an email phishing campaign. According to MyHeritage, the hackers got the users’ email addresses from the GEDmatch hack. 

The MyHeritage phishing campaign included a phishing email that sent users to a fake login page at the domain myheritaqe.com. This page was designed to harvest their usernames and passwords.

In a blog post, MyHeritage explained, “We suspect that the data breach on GEDmatch may have included theft of GEDmatch’s user database (at least email addresses and names of customers, perhaps more) and the perpetrators then proceeded to launch a phishing attack against those users from GEDmatch who are using MyHeritage, by sending them a phishing email to try to collect their passwords. It’s possible that the perpetrators did not retrieve the user database in the current breach but had it in their possession from an earlier intrusion into GEDmatch.”

According to MyHeritage, hackers lured 105 users to the fake website. Of those users, 16 were duped by the website and entered their login credentials.
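The fake login domain described above, myheritaqe.com, differs from the real one by a single look-alike letter (q for g). As an added example, not from the article or from MyHeritage, here is one way a mail or proxy filter could flag such domains. The protected list, the confusable-character table, the distance threshold and the sample domains are assumptions, and inputs are assumed to be registrable domains already extracted from a link or sender address.

```python
# Added example: flag domains that imitate a protected brand domain.
PROTECTED = ["myheritage.com"]  # assumption: the domains being defended

# Small illustrative subset of look-alike substitutions, not exhaustive.
CONFUSABLES = {"q": "g", "0": "o", "1": "l", "rn": "m", "vv": "w"}


def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, protected=PROTECTED, max_distance=2):
    """Return (verdict, matched protected domain or None)."""
    d = domain.lower().rstrip(".")
    for legit in protected:
        if d == legit or d.endswith("." + legit):
            return ("legitimate", legit)
        if skeleton(d) == skeleton(legit):
            return ("confusable", legit)   # same name after folding look-alikes
        if edit_distance(d, legit) <= max_distance:
            return ("near-match", legit)   # typo-distance neighbour
    return ("unrelated", None)


def flag_suspicious(domains):
    """Keep only domains that imitate a protected one."""
    return [d for d in domains if classify(d)[0] in ("confusable", "near-match")]


# Constructed sample input, e.g. link hosts pulled from inbound mail.
SAMPLE = ["www.myheritage.com", "myheritaqe.com", "myheritagee.com", "example.org"]

if __name__ == "__main__":
    for host in SAMPLE:
        print(host, classify(host))
```
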

What motivated these attacks remains unclear. Genealogists say they fear the security breaches may discourage individuals from putting their DNA profiles online, which could negatively impact the online genealogy community and efforts to solve cold cases.
