Hackers target DNA profiles on major genealogy databases

GEDmatch breach results in phishing campaign targeting MyHeritage users

On July 19, users of the genealogy website GEDmatch were met by an unpleasant surprise when they logged in to the website. More than 1 million DNA profiles that were previously hidden from law enforcement were now available for police to search. Then, on July 21, MyHeritage announced some of its users were subjected to a phishing attack targeting their login credentials for the site. Email addresses targeted in the attack were the same ones stolen in the GEDmatch attack just two days earlier.

News of the breach comes months after Verogen purchased GEDmatch. At the time of the acquisition, Verogen told GEDmatch users it would protect their privacy but would also use genealogy to assist in solving violent crimes. Users who wished to remain anonymous could opt out of submitting their genetic information to law enforcement. 

These safeguards failed during the hack. According to GEDmatch, the data breach reset all user accounts, making them visible to all GEDmatch users and law enforcement for about three hours.

“As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours,” the statement reads. “During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.”

Service at GEDmatch briefly resumed after the initial breach, but the site has since been taken offline and replaced with a message that reads, “The GEDmatch site is down for maintenance - Currently No ETA.”

In a statement, Verogen further explained, “We are working with a cybersecurity firm to conduct a comprehensive forensic review and help us implement the best possible security measures.” Verogen has also reported the hack to the authorities.

Though Verogen reassured its users that no user data was downloaded or compromised during the breach, this claim came into question on July 21 when MyHeritage warned its customers they may be targeted by an email phishing campaign. According to MyHeritage, the hackers got the users’ email addresses from the GEDmatch hack. 

The MyHeritage phishing campaign included a phishing email that sent users to a fake login page at the domain myheritaqe.com. This page was designed to harvest their usernames and passwords.

In a blog post, MyHeritage explained, “We suspect that the data breach on GEDmatch may have included theft of GEDmatch’s user database (at least email addresses and names of customers, perhaps more) and the perpetrators then proceeded to launch a phishing attack against those users from GEDmatch who are using MyHeritage, by sending them a phishing email to try to collect their passwords. It’s possible that the perpetrators did not retrieve the user database in the current breach but had it in their possession from an earlier intrusion into GEDmatch.”

According to MyHeritage, hackers lured 105 users to the fake website. Of those users, 16 were duped by the website and entered their login credentials.

What motivated these attacks remains unclear. Genealogists say they fear the security breaches may discourage individuals from putting their DNA profiles online, which could negatively impact the online genealogy community and efforts to solve cold cases.
