GEDmatch

History

2021: US police find rapist through genealogical site

At the end of June 2021, police in Tampa (Florida, USA) used GEDmatch and FamilyTree genealogical testing websites to find a 14-year-old rape suspect. More details here.

2020: Hacking major DNA databases, stealing genealogical profiles

At the end of July 2020, it became known that the GEDmatch DNA database, which allows users to search for relatives using DNA data, was hacked. The hackers used the received email addresses in a phishing attack on another leading genealogical site, MyHeritage.

In 2019, the law firm Verogen acquired GEDmatch, convincing users that it would be able to protect their privacy when working with the police, which used genealogical data to solve violent crimes. Verogen explained that GEDmatch profiles became publicly available and became available to law enforcement "through a sophisticated attack on one of our servers through an existing user account."

Hacking GEDmatch

As a result, privacy settings were reset to the original ones, that is, the profiles of many users were left unprotected for three hours and were visible to law enforcement agencies and hackers. According to Verogen, about 280,000 of the 1.45 million profiles were hacked. Experts fear that now people will not dare to post their DNA profiles on the Internet, which will harm both the network community to restore genealogical ties and the police.

GEDmatch quickly restored normal service, but the next day it turned out that hackers blocked the search for law enforcement agencies throughout the database. The site was quickly taken offline, and a message appeared in the place of the main page:

The GEDmatch site is not currently available for maintenance.

We are working with a cybersecurity firm to conduct a comprehensive forensic examination and ensure the best possible security measures, Verogen said in a statement released after the second incident.[1]

Notes