Hackers were able to get into GEDmatch’s network to change permission settings on millions of user profiles. For about three hours, any member on the site could see any other member’s DNA profile.
Normally, GEDmatch users have the option to select whether or not they want their DNA profiles to be visible to police who use the platform. When the attack changed those permissions, their data was visible to all law enforcement officers who may have searched GEDmatch during that time.
According to GEDmatch’s parent company, Verogen, no user data was compromised or downloaded, but that may not be true. A couple of days later, a phishing scheme that targeted people who used both GEDmatch and another genealogy website was discovered. Preliminary findings show that the phishing attack is using email data more than likely derived from the GEDmatch hack.
GEDmatch is currently down. Verogen is working with a cyber-security firm to do a review and increase security on the site. That, however, more than likely won’t be enough to recover users’ newly lost trust.