A GEDmatch Data Breach Led to a MyHeritage Phishing Scam

GEDmatch Data Breach

At the time of writing, if you try to visit the website of GEDmatch, an online platform for comparing DNA profiles, you'll see a terse message that says 'The gedmatch site is down for maintenance - Currently No ETA.' What is the story behind it?

GEDmatch suffers two security breaches within a few days

It all started on July 19, when GEDmatch suffered a serious security breach. According to the official information from the DNA comparison platform, a cybercriminal used a registered user account to break into one of GEDmatch's servers and change the privacy settings of millions of users.

GEDmatch is famous for being one of the online services of this kind that lets law enforcement officers go through users' DNA records and look for perpetrators of violent crimes. It made the news in 2018 when DNA data hosted by the website led to the capture of the Golden State Killer. The arrest also sparked a heated debate over the privacy implications of having law enforcement agencies rummage through users' DNA data without a prior search warrant, and eventually, GEDmatch decided that a strict opt-in policy would solve the problem. Up until the site went offline, every user who had uploaded a DNA profile had to explicitly state that they agreed to having their data made accessible to the police.

When the platform was hacked on July 19, however, the cybercriminal gained access to the tools controlling these settings and made all profiles available for law enforcement matching. In addition, all the profiles that belonged to police officers were made visible to regular users.

When Verogen, GEDmatch's owner, became aware of the situation, it immediately took the website down and set about solving the issue. After a few hours, GEDmatch was back online, and later, a Facebook post explained what had happened. In it, Verogen's security professionals said that they were "confident" that the problem had been corrected.

According to BuzzFeedNews, their confidence waned on Monday when they realized that the settings of some of the profiles had been switched again. This time, the police's access to the database was cut off completely. GEDmatch's security team took the website down again and decided not to bring it back up until they were sure that the vulnerability had been addressed.

Did the hackers steal any DNA data?

The settings were changed for a relatively short period of time, and so far there is no evidence of anyone being arrested for a violent crime because of the incident. Nevertheless, GEDmatch users are worried, and rightly so.

After all, they learned that they had uploaded their DNA profile on a platform that was attacked not once, but twice in a matter of a few days. And when it comes to sensitivity, DNA profiles top pretty much everything else.

GEDmatch says, however, that this particular aspect of the attack shouldn't worry them. In a statement, the platform said that once a user uploads their DNA profile, it is encrypted and the raw data is deleted. In other words, according to GEDmatch, the criminals had no way of obtaining any genetic information.

Criminals launch a phishing campaign against MyHeritage users

Initially, GEDmatch thought that the hackers had accessed no personal information whatsoever. Another Facebook post from July 21 said that "no user data was downloaded or compromised," but it looks like the platform's security specialists jumped the gun with this conclusion.

Also on July 21, MyHeritage, another online genealogy platform, warned its users about a clever phishing campaign that was doing the rounds. Apparently, the phishers had registered a lookalike domain, set up a malicious login form, and sent out a number of convincing-looking emails to MyHeritage users. MyHeritage appears to be convinced that the crooks obtained the email addresses and other personal information from GEDmatch, and GEDmatch has made no attempt to disprove this claim.

The email GEDmatch is sending out to its users omits the claim that no personal information was compromised during the attack and acknowledges that GEDmatch users who are also subscribed to MyHeritage could be targeted by a phishing scam.

The obligatory advice to be more careful with the emails you receive is more valid than ever.

July 23, 2020