RootsChat.Com

General => Ancestral Family Tree DNA Testing => Topic started by: LizzieL on Sunday 19 July 20 20:03 BST (UK)

Title: GEDmatch Security Breach 19 July 2020
Post by: LizzieL on Sunday 19 July 20 20:03 BST (UK)
Just got this email from DNA Geek

"Sometime on the morning of Sunday, 19 July 2020, the GEDmatch site was either hacked or experienced a severe programming failure.  User email addresses seem to have been altered, but the biggest concern is that DNA kit privacy was breached.  Kits that were marked "private" or "research", meaning they should not show in the match lists of anyone else, because visible, and kits that had opted out of law enforcement matching were opted in.

This is a breaking story.  I will update as more information becomes available.  If you have screen shots you're willing to share, please let me know."
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Gadget on Sunday 19 July 20 20:09 BST (UK)
Oh dear - that is serious and very worrying for everyone who had data on the site.

I asked for my data and personal details to be deleted  when the new regs came in as I had managed to get all relevant info and I had few close matches there.  I do hope my info was destroyed/removed.

Thanks for the info, Lizzie.

Gadget

 
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Monday 20 July 20 23:46 BST (UK)
This is worrying.

I noticed something very wrong with the site yesterday and I couldn't access it. This is a serious data breach.

I logged in tonight and it was being odd again. I had some very strange new matches, lots and lots of them and they were all very very high with odd email addresses/names and "testing" companies, in the hundreds and up.

I tried refreshing the page and it's down again, so I can't access it to remove my kits.

Added: Their Facebook page said this ~24 hours ago;

Quote
Today, we became aware of an issue that caused user permissions to be set incorrectly. We took the site down while our technical team worked to resolve the issue. We are confident that the problem has been corrected and the site is now available once again. Further, we have taken precautions to ensure this issue does not arise in the future. We will share any additional information about this incident as it becomes available.

It's not been corrected as issues still present.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: LizzieL on Tuesday 21 July 20 07:46 BST (UK)
Maybe the odd new matches are connected to the law enforcement agency permission button.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Petros on Tuesday 21 July 20 07:56 BST (UK)
It's now offline
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: LizzieL on Tuesday 21 July 20 08:17 BST (UK)
Some more information here

http://www.rootschat.com/links/01pqt/


Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Flemming on Tuesday 21 July 20 12:38 BST (UK)
Some more information here

http://www.rootschat.com/links/01pqt/

What site does this take you to? Is it TechCrunch - what is this? Too many cookies to go through to see.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Tuesday 21 July 20 12:39 BST (UK)
Some more information here

http://www.rootschat.com/links/01pqt/


What site does this take you to? Is it TechCrunch - what is this? Too many cookies to go through to see.

Techcrunch
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Flemming on Tuesday 21 July 20 12:49 BST (UK)
Yes, I can see that. What does it do?
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Tuesday 21 July 20 12:52 BST (UK)
Yes, I can see that. What does it do?

It's just a site with articles about the tech industry. It doesn't "do" anything else that I can see.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Flemming on Tuesday 21 July 20 12:53 BST (UK)
Right, ok, thanks.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: confusion on Tuesday 21 July 20 20:01 BST (UK)
If you have concerns you may send them an email directly and I am sure they can help with any questions. It looks like users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users. I would check your profile when the site if back up just to make sure your settings are how you want them

Quote
FROM GEDMatch:
On the morning of July 19, GEDmatch experienced a security breach orchestrated through a sophisticated attack on one of our servers via an existing user account. We became aware of the situation a short time later and immediately took the site down. As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.
This was the extent of the breach. No user data was downloaded or compromised.
We have reported the unauthorized access to the appropriate authorities and continue to work toward identifying the individuals responsible for this violation.
Today, as we continued to investigate the incident and work on a permanent solution to safeguard against threats of this nature, we discovered that the site was still vulnerable and made the decision to take the site down until such time that we can be absolutely sure that user data is protected against potential attacks. We are working with a cybersecurity firm to conduct a comprehensive forensic review and help us implement the best possible security measures.
This is clearly disappointing for our company, as user privacy and data security are our top priorities. We apologize to our GEDmatch users and our law enforcement customers for the concern and frustration this situation has caused.
Thank you for your continued support of GEDmatch.
If you have questions, please reach out to us at [email protected] We will update you as soon as we have more information to share.

Good luck with that one

Jim

Title: Re: GEDmatch Security Breach 19 July 2020
Post by: LizzieL on Wednesday 22 July 20 07:22 BST (UK)
A couple more worrying posts

https://thednageek.com/mystery-matches-at-gedmatch

https://thednageek.com/phishing-attempt-at-myheritage/
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: davidft on Wednesday 22 July 20 10:35 BST (UK)
This is interesting as i have just seen the email from GEDmatch.

I have not been on this site (Rootschat) for the last few days as my computer was telling me Rootschat security was out of date but looking at the dates of replies to messages on here it obviously was still working or people were ignoring the security message (assuming they got it). All a bit puzzling  ???
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Wednesday 22 July 20 10:37 BST (UK)
This is interesting as i have just seen the email from GEDmatch.

I have not been on this site (Rootschat) for the last few days as my computer was telling me Rootschat security was out of date but looking at the dates of replies to messages on here it obviously was still working or people were ignoring the security message (assuming they got it). All a bit puzzling  ???

I had that security message as well. However, I am currently accessing this site from my phone and the security message doesn't appear there strangely.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: davidft on Wednesday 22 July 20 10:39 BST (UK)
Yes thank you Liviani, I now see the problem was known to Rootschat and there are several posts in various places about it. Phew at least it was not me doing something wrong  ;)
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Zaphod99 on Wednesday 22 July 20 13:56 BST (UK)
I just came to report this, but I am obviously the last to know.

Oddly, I used the site extensively at the weekend and passed on some match details to distant cousins. The following morning, Monday, I couldn't replicate my findings and had to retract what I had said. It was actually very disappointing. I now wonder if there was a co nection. I'll try again when it's back up.

Zaph
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Zaphod99 on Wednesday 22 July 20 14:07 BST (UK)
Having read the links listed earlier, I now wonder if my earlier research was correct. I don't see how the results could have changed, but I was so sure about what I told cousins. I was so mad at myself for being careless, but now I can't wait for Gedmatch to be up again to check. It was an exciting discovery that I made.

Z
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Romilly on Wednesday 22 July 20 14:09 BST (UK)
This is very annoying, as I was planning to delete my kits from Gedmatch, and now I canít get on the Site at all:-(

I have also heard that thereís also been a data breach on the My Heritage Site too...

Romilly.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Gadget on Wednesday 22 July 20 15:07 BST (UK)


I have also heard that thereís also been a data breach on the My Heritage Site too...

Romilly.

I think it's if you click on an e-mail from My Heritage spelt with a Q rather than a G

See previous link:


https://thednageek.com/phishing-attempt-at-myheritage/

Title: Re: GEDmatch Security Breach 19 July 2020
Post by: ms_canuck on Wednesday 22 July 20 16:33 BST (UK)
I received an email from GEDMatch today advising that they have temporarily closed their site due to a security breach 'orchestrated through a sophisticated attack on one of our servers via an existing user account'.  As a result, 'all user permissions were reset, making all profiles visible to all users' for approximately 3 hours.  The hackers switched the opt-out to law enforcement matching so that everyone was 'opted in' and then GEDmatch discovered a second breach that reversed the opt-out so that no profiles were visible for law enforcement matching.

They assure me that my 'DNA information was not compromised, as GEDmatch does not store raw DNA files on the site'.

They are working with a 'leading cybersecurity firm to conduct a comprehensive forensic review' and to help them 'implement the best possible security measures'.  The incident(s) have been reported to the appropriate authorities. 

Today they were informed that 'customers of MyHeritage who are also GEDmatch customers were the target of a phishing scam'.  They don't know at this point if this was the result of the breach.  They caution against opening suspicious emails and give their correct email and phone number.  The email is signed by the CEO of Verogen Inc., Brett Williams.

So what else will 2020 bring us!  Not a question any of us really want an answer to right???

Regards all

Ms_C
[Edit:  Thanks for moving my post here.  I did search, but didn't find this thread.]
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Pheno on Wednesday 22 July 20 16:40 BST (UK)
Oh blast, I have just responded to my first evr MyHeritage message - although I did find the person on Ancestry too so hopefully it is genuine.

Pheno
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Romilly on Wednesday 22 July 20 16:44 BST (UK)

Thanks Gadget.

Romilly.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Flemming on Wednesday 22 July 20 16:55 BST (UK)
Ongoing thread here...

Moderator Comment: Topics Merged

Title: Re: GEDmatch Security Breach 19 July 2020 Back on line
Post by: Zaphod99 on Saturday 25 July 20 18:15 BST (UK)
I just logged in to GEDMatch, currently with the following warning

"We have completed a thorough review of the site for security vulnerabilities and have made changes where appropriate to ensure the security of your data. If you note any issues that are of concern, please submit a request tracker ticket for resolution. For our Tier 1 members we will be extending your membership by 1 week."

Zaph
Title: Re: GEDmatch Security Breach 19 July 2020 Back on line
Post by: melba_schmelba on Saturday 01 August 20 19:17 BST (UK)
Seems to have been offline again for almost 24 hours, and no updates whatsoever on the Facebook page.

https://www.facebook.com/officialGEDmatch/

UPDATE: Now back up again ::)

Title: Re: GEDmatch Security Breach 19 July 2020 Back on line
Post by: Liviani on Sunday 02 August 20 19:10 BST (UK)
Seems to have been offline again for almost 24 hours, and no updates whatsoever on the Facebook page.

https://www.facebook.com/officialGEDmatch/

UPDATE: Now back up again ::)

It's down again, and no update on their Social Media page.

I am getting increasingly frustrated with the lack of communication from Verogen. It just goes down, we don't know why and they don't tell us.
I would understand if it was still in the hands of a couple of people as before, but it's not now.

Title: Re: GEDmatch Security Breach 19 July 2020 Back on line
Post by: melba_schmelba on Sunday 02 August 20 19:29 BST (UK)
Seems to have been offline again for almost 24 hours, and no updates whatsoever on the Facebook page.

https://www.facebook.com/officialGEDmatch/

UPDATE: Now back up again ::)

It's down again, and no update on their Social Media page.

I am getting increasingly frustrated with the lack of communication from Verogen. It just goes down, we don't know why and they don't tell us.
I would understand if it was still in the hands of a couple of people as before, but it's not now.
Yes, it isn't good at all. Is it being hacked again? Did they discover some more vulnerabilities and took it down themselves? We need to be told otherwise confidence in the site is going to disappear.
Title: Re: GEDmatch Security Breach 19 July 2020 Back on line
Post by: Liviani on Sunday 02 August 20 19:36 BST (UK)
Seems to have been offline again for almost 24 hours, and no updates whatsoever on the Facebook page.

https://www.facebook.com/officialGEDmatch/

UPDATE: Now back up again ::)

It's down again, and no update on their Social Media page.

I am getting increasingly frustrated with the lack of communication from Verogen. It just goes down, we don't know why and they don't tell us.
I would understand if it was still in the hands of a couple of people as before, but it's not now.
Yes, it isn't good at all. Is it being hacked again? Did they discover some more vulnerabilities and took it down themselves? We need to be told otherwise confidence in the site is going to disappear.

Communication is key, especially with sensitive data including email addresses. It's all been poorly handled. I know that things happen, but they need to start communicating with their customers.

I'm also a Tier 1 customer and they gave an extra week to compensate for the previous downtime the other day. It's not enough when the service is continually down.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: medpat on Sunday 02 August 20 20:14 BST (UK)
I don't understand, I have been on every day since it came back with no problems and just been on again with no bother :o
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Sunday 02 August 20 20:32 BST (UK)
I don't understand, I have been on every day since it came back with no problems and just been on again with no bother :o

Luck with timings I suppose. It's back up for me, but earlier it was down for a lengthy period with a message stating "No ETA" so it wasn't just us.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Flemming on Thursday 03 September 20 13:45 BST (UK)
Is GEDmatch still unavailable? I'm getting 'no ETA' for resumption when I click on the site url.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Thursday 03 September 20 13:47 BST (UK)
Is GEDmatch still unavailable? I'm getting 'no ETA' for resumption when I click on the site url.

I'm getting the same. It says maintenance, not sure if it's planned or unplanned.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: melba_schmelba on Thursday 03 September 20 13:59 BST (UK)
Is GEDmatch still unavailable? I'm getting 'no ETA' for resumption when I click on the site url.

I'm getting the same. It says maintenance, not sure if it's planned or unplanned.
Has this being going on for a week? Can't be good :o

https://www.facebook.com/officialGEDmatch/

GEDmatch
26 August at 07:34 ∑
We have taken GEDmatch down while we work through an internal technical issue. We will update you as soon as the site is back online.


EDIT: from the comments, which have worrying descriptions of all sorts of mayhem involving kits assigned to other emails etc. it appears it did come back online. But now off again ::).
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: Liviani on Thursday 03 September 20 14:02 BST (UK)
Is GEDmatch still unavailable? I'm getting 'no ETA' for resumption when I click on the site url.

I'm getting the same. It says maintenance, not sure if it's planned or unplanned.
Has this being going on for a week? Can't be good :o

https://www.facebook.com/officialGEDmatch/

GEDmatch
26 August at 07:34 ∑
We have taken GEDmatch down while we work through an internal technical issue. We will update you as soon as the site is back online.

I don't believe so as I've been using it every day. That must've been a short term one.
Title: Re: GEDmatch Security Breach 19 July 2020
Post by: melba_schmelba on Thursday 03 September 20 16:08 BST (UK)
Is GEDmatch still unavailable? I'm getting 'no ETA' for resumption when I click on the site url.

I'm getting the same. It says maintenance, not sure if it's planned or unplanned.
Has this being going on for a week? Can't be good :o

https://www.facebook.com/officialGEDmatch/

GEDmatch
26 August at 07:34 ∑
We have taken GEDmatch down while we work through an internal technical issue. We will update you as soon as the site is back online.

I don't believe so as I've been using it every day. That must've been a short term one.
It seems it might be back up now, but people saw some very strange malfunctions previously it seems

https://forums.gedmatch.com/BB/viewtopic.php?f=9&t=664&sid=2593fc12439eb9091e6c88cce40ca5c7