Author Topic: GEDmatch Security Breach 19 July 2020  (Read 2114 times)

Offline LizzieL

  • RootsChat Marquessate
  • *******
  • Posts: 7,898
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
GEDmatch Security Breach 19 July 2020
« on: Sunday 19 July 20 20:03 BST (UK) »
Just got this email from DNA Geek

"Sometime on the morning of Sunday, 19 July 2020, the GEDmatch site was either hacked or experienced a severe programming failure.  User email addresses seem to have been altered, but the biggest concern is that DNA kit privacy was breached.  Kits that were marked "private" or "research", meaning they should not show in the match lists of anyone else, because visible, and kits that had opted out of law enforcement matching were opted in.

This is a breaking story.  I will update as more information becomes available.  If you have screen shots you're willing to share, please let me know."
Berks / Oxon: Eltham, Annetts, Wiltshire (surname not county), Hawkins, Pembroke, Partridge
Dorset / Hants: Derham, Stride, Purkiss, Sibley
Yorkshire: Pottage, Carr, Blackburn, Depledge
Sussex: Goodyer, Christopher, Trevatt
Lanark: Scott (soldier went to Jersey CI)
Jersey: Fowler, Huelin, Scott

Offline Gadget

  • RootsChat Marquessate
  • *******
  • Posts: 57,131
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #1 on: Sunday 19 July 20 20:09 BST (UK) »
Oh dear - that is serious and very worrying for everyone who had data on the site.

I asked for my data and personal details to be deleted  when the new regs came in as I had managed to get all relevant info and I had few close matches there.  I do hope my info was destroyed/removed.

Thanks for the info, Lizzie.

Gadget

 
Census &  BMD information Crown Copyright www.nationalarchives.gov.uk and GROS - www.scotlandspeople.gov.uk

***Restorers - Please do not use my restores without my permission. Thanks***

Offline Liviani

  • RootsChat Veteran
  • *****
  • Posts: 576
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #2 on: Monday 20 July 20 23:46 BST (UK) »
This is worrying.

I noticed something very wrong with the site yesterday and I couldn't access it. This is a serious data breach.

I logged in tonight and it was being odd again. I had some very strange new matches, lots and lots of them and they were all very very high with odd email addresses/names and "testing" companies, in the hundreds and up.

I tried refreshing the page and it's down again, so I can't access it to remove my kits.

Added: Their Facebook page said this ~24 hours ago;

Quote
Today, we became aware of an issue that caused user permissions to be set incorrectly. We took the site down while our technical team worked to resolve the issue. We are confident that the problem has been corrected and the site is now available once again. Further, we have taken precautions to ensure this issue does not arise in the future. We will share any additional information about this incident as it becomes available.

It's not been corrected as issues still present.
mtDNA subclade K1b2b. Father's Y-DNA I-S25383
GEDmatch kit; CF7867455
Father's kit; RY1336515
Mother's kit; AF2312865


Kincardineshire
Sheret, Hosie, Valentine, Crow, Beattie, McArthur, Wyllie.
Angus (Forfarshire)
Adam, Valentine, Ewan, Elder, Guild, Kydd, Bradford, Stronner, Gibson, Cloudsley, Evans, Stewart, Stott.
Perthshire
Small, Robertson, Murray, Kennedy, McGregor
Ross & Cromarty
Cameron, Stewart, Grant
Banffshire - Gamrie
Anderson, Massie

Offline LizzieL

  • RootsChat Marquessate
  • *******
  • Posts: 7,898
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #3 on: Tuesday 21 July 20 07:46 BST (UK) »
Maybe the odd new matches are connected to the law enforcement agency permission button.
Berks / Oxon: Eltham, Annetts, Wiltshire (surname not county), Hawkins, Pembroke, Partridge
Dorset / Hants: Derham, Stride, Purkiss, Sibley
Yorkshire: Pottage, Carr, Blackburn, Depledge
Sussex: Goodyer, Christopher, Trevatt
Lanark: Scott (soldier went to Jersey CI)
Jersey: Fowler, Huelin, Scott


Offline Petros

  • RootsChat Senior
  • ****
  • Posts: 348
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #4 on: Tuesday 21 July 20 07:56 BST (UK) »
It's now offline

Offline LizzieL

  • RootsChat Marquessate
  • *******
  • Posts: 7,898
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #5 on: Tuesday 21 July 20 08:17 BST (UK) »
Some more information here

http://www.rootschat.com/links/01pqt/


Berks / Oxon: Eltham, Annetts, Wiltshire (surname not county), Hawkins, Pembroke, Partridge
Dorset / Hants: Derham, Stride, Purkiss, Sibley
Yorkshire: Pottage, Carr, Blackburn, Depledge
Sussex: Goodyer, Christopher, Trevatt
Lanark: Scott (soldier went to Jersey CI)
Jersey: Fowler, Huelin, Scott

Offline Flemming

  • RootsChat Veteran
  • *****
  • Posts: 913
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #6 on: Tuesday 21 July 20 12:38 BST (UK) »
Some more information here

http://www.rootschat.com/links/01pqt/

What site does this take you to? Is it TechCrunch - what is this? Too many cookies to go through to see.

Offline Liviani

  • RootsChat Veteran
  • *****
  • Posts: 576
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #7 on: Tuesday 21 July 20 12:39 BST (UK) »
Some more information here

http://www.rootschat.com/links/01pqt/


What site does this take you to? Is it TechCrunch - what is this? Too many cookies to go through to see.

Techcrunch
mtDNA subclade K1b2b. Father's Y-DNA I-S25383
GEDmatch kit; CF7867455
Father's kit; RY1336515
Mother's kit; AF2312865


Kincardineshire
Sheret, Hosie, Valentine, Crow, Beattie, McArthur, Wyllie.
Angus (Forfarshire)
Adam, Valentine, Ewan, Elder, Guild, Kydd, Bradford, Stronner, Gibson, Cloudsley, Evans, Stewart, Stott.
Perthshire
Small, Robertson, Murray, Kennedy, McGregor
Ross & Cromarty
Cameron, Stewart, Grant
Banffshire - Gamrie
Anderson, Massie

Offline Flemming

  • RootsChat Veteran
  • *****
  • Posts: 913
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: GEDmatch Security Breach 19 July 2020
« Reply #8 on: Tuesday 21 July 20 12:49 BST (UK) »
Yes, I can see that. What does it do?