Latest in Gear

Image credit: KTSDESIGN/SCIENCE PHOTO LIBRARY via Getty Images

A security breach opened up access to a genealogy site’s DNA profiles

Info could've been accessed by anyone, including law enforcement.
368 Shares
Share
Tweet
Share

Sponsored Links

DNA molecule, illustration.
KTSDESIGN/SCIENCE PHOTO LIBRARY via Getty Images

Over the weekend, a security breach changed the permission settings on millions of profiles in GEDmatch, a DNA database used by genealogists. For three hours, DNA profiles were visible to all members, including law enforcement agencies, which sometimes use the site to find partial matches to crime scene DNA.

Usually, GEDmatch users can select whether or not they want to share their DNA profile with police. When the attack reset users’ permissions, their data was temporarily visible to law enforcement. It’s unclear if any police searched the database during that time.

According to Verogen, the company that recently purchased GEDmatch, no user data was downloaded or compromised. But two days later, the genealogy website MyHeritage alerted users to a phishing scheme that targeted people who used both MyHeritage and GEDmatch. In a statement posted online, the company said it suspects the attackers may have gleaned the email addresses from GEDmatch.

Verogen has taken GEDmatch down. The company says it is working with a cybersecurity firm to conduct a forensic review and safeguard the site. That may not be enough to recover users’ trust.

Some already see giving law enforcement access to DNA profiles as controversial. As BuzzFeed News reports, this incident could limit those on both sides of the debate. If GEDmatch can’t keep data safe, users may be less likely to create DNA profiles, which could make it harder for police to use the site to solve cold cases. On the other hand, if GEDmatch can’t limit police access, users who may have made a profile on the condition it wouldn’t be used by law enforcement may not create a profile at all. That means less data for genealogists to work with.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
368 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Netflix confirms it's adding playback speed controls to its Android app

Netflix confirms it's adding playback speed controls to its Android app

View
These AI-generated tennis matches are both eerie and impressive

These AI-generated tennis matches are both eerie and impressive

View
Facebook forms financial group to focus on payments

Facebook forms financial group to focus on payments

View
Space Force official logo and motto unveiled

Space Force official logo and motto unveiled

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr