A major breach at GEDmatch altered the permission settings of all users. On 19 July, a security breach was reported to GEDmatch officials after an attack targeted the server via an existing account. To handle the situation, the site was taken down by the authorities. The breach reset the permission settings and made the data of all users visible to law enforcement agencies, including users who had opted out of sharing their data in the privacy settings.
The situation lasted 3 hours, and GEDmatch posted a notice on its Facebook page to inform its users about the breach. The company apologized for the breach and promised to fix the issue and deal with any further vulnerability. It has taken the website down until it is completely secured.
GEDmatch is a biotechnology company that allows its users to update the data about their DNA to trace their ancestors and family trees. In 2018, it was used by law enforcement agencies to identify a suspect in the Golden State Killer case in California. Since then, these agencies have been using the website to detect DNA in serious violent crimes.
However, in May 2019, to ensure the privacy of its users, GEDmatch made it optional for them to share their data with law enforcement agencies. In December of 2019, Verogen Incorporation, a sequencing company dedicated to forensic science, acquired GEDmatch.
The company reported the issue to the authorities. The company has claimed that no data has been compromised or downloaded. However, that cannot be said with confidence.
Two days after the attack on the GEDmatch database, MyHeritage reported a phishing attack on its users. MyHeritage published a blog post stating that the attack might be linked to the GEDmatch breach.
The perpetrators set up a fake website, MyHeritaqe.com, and hosted it on services like GoDaddy and Azure to trick users into entering their login credentials. MyHeritage described the incident that led it to link the attack to the GEDmatch incident:
“One of the users who reported the phishing email had the email copy addressed to another unique name that is not associated with his account on MyHeritage, and that name does not exist on MyHeritage, but it’s the name associated with his account on GEDmatch, which strengthens our suspicion that the account details for phishing were retrieved by the perpetrators from GEDmatch.”
Some users brought the attack to attention on the company’s social media account, and the company immediately issued a warning to its users. In the blog post, the company says it suspects that the attackers behind the GEDmatch breach may have stolen user data (usernames and passwords) and used it to launch an attack on users common to both platforms.
However, MyHeritage has made it clear that these are suspicions, and that similar platforms could be attacked as well. The company took mitigation steps in time, which has possibly prevented the attackers from penetrating further into other websites.
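
The lookalike domain described above (MyHeritaqe.com, with a "q" in place of the "g") is the kind of link a mail filter or a triage script can flag by comparing each link's host against the brand's real domains. The following is an added example, not part of the original article or of MyHeritage's tooling; the allow-list, the confusable-character map, the `hosting.example` host and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the brand's legitimate registrable domains (allow-list).
LEGIT = {"myheritage.com"}
# Illustrative, non-exhaustive map of visually confusable substitutions.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l")]

def skeleton(label):
    """Collapse confusable characters so look-alikes compare equal."""
    s = label.lower()
    for src, dst in CONFUSABLE:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link's host."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Naive registrable domain: last two labels (real code should use the Public Suffix List).
    if ".".join(labels[-2:]) in LEGIT:
        return "legitimate"
    for real in LEGIT:
        brand = real.split(".")[0]
        for label in labels:
            # Brand (or a near copy) appearing anywhere in a non-allow-listed host.
            if skeleton(label) == skeleton(brand) or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unrelated"

# Constructed sample links, as they might appear in a reported e-mail.
SAMPLES = [
    "https://www.myheritage.com/login",
    "http://MyHeritaqe.com/login",
    "https://myheritaqe.hosting.example/signin",
    "https://rnyheritage.com/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):<11} {url}")
```

The per-label check also catches a brand name placed in a subdomain of a hosting provider, which a comparison of registrable domains alone would miss.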