
Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database (buzzfeednews.com)

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

  • by gweihir ( 88907 ) on Wednesday July 22, 2020 @04:14PM (#60320445)

    Which was, obviously, selling to the cops, the feds and other unsavory characters.

    • Why is this downmodded? The post makes a valid point and is not inflammatory.
      • Moderators moderate based on their personal opinion or agenda, not according to the moderation categories provided. -1 Disagree doesn't exist for a reason, so this is what we get instead.
      • by gweihir ( 88907 )

        Why is this downmodded? The post makes a valid point and is not inflammatory.

        Thanks. I will take your comment instead of a positive moderation.

    • Or they just take it, without paying.

      IMO, posting selfies, posting selfies while masked, volunteering your DNA, and any other identifying feature is universally stupid. How do you know in 20 years you won't have to oppose a madman running the government? Whether or not you think Trump is that madman is irrelevant. Why did you give up your anonymity? Did 1984 teach you nothing? Did you just buy the Cliff Notes?

      • Or they just take it, without paying.

        IMO, posting selfies, posting selfies while masked, volunteering your DNA, and any other identifying feature is universally stupid. How do you know in 20 years you won't have to oppose a madman running the government? Whether or not you think Trump is that madman is irrelevant. Why did you give up your anonymity? Did 1984 teach you nothing? Did you just buy the Cliff Notes?

        The important takeaway from the 2016 Presidential election (the Trump election in the same vein as the China virus):

        Whether you're pro-Don, Anti-Don, or Agamemnon, you'll be forced to acknowledge it's now clearly possible for the US to elect a President interested in suspending any semblance of democracy to better his personal agenda, right or wrong.

        That's all the ingredients necessary for the Republic to slip into something much less palatable. What's left of childhood me occasionally sits there in horro

        • by gweihir ( 88907 )

          Exactly. And while checks and balances still work to a degree, each time such a person gets into office they are weakened. This one now sends goons GeStaPo style into cities that do what in any sane country would be completely illegal arrests, as they basically vanish people. As far as we know everybody arrested still turned up again later, but "You look for your husband/wife/daughter/son? Sorry, we do not have them." is only a step away. When they kill the first vanished person by accident or "by accident",

          • by e3m4n ( 947977 )

            Which is why you should be an anti-federalist. What I see is that most anti-Trump people are still super federalist. They expect the federal government to just magically solve any and all their problems, even before they try and solve them themselves. They figure these loopholes and powers are OK as long as it's not Trump. My argument is that it's never OK to cede this much power. And if your default move is to look to the government for help every time you stump your toe, they turned you into a sheep. The sc

      • by gweihir ( 88907 )

        Or they just take it, without paying.

        IMO, posting selfies, posting selfies while masked, volunteering your DNA, and any other identifying feature is universally stupid. How do you know in 20 years you won't have to oppose a madman running the government? Whether or not you think Trump is that madman is irrelevant. Why did you give up your anonymity? Did 1984 teach you nothing? Did you just buy the Cliff Notes?

        Exactly. The 4th Reich will have no trouble identifying anybody they want to get rid of fast. They will have the complete lists ready before they even take over.

      • by cusco ( 717999 )

        Sorry to tell you this, but the future is here, whether you like it or not. Just like global warming we need to learn to adapt to something that is inevitable (unless we nuke ourselves back to the Middle Ages).

        • by gweihir ( 88907 )

          Sorry to tell you this, but the future is here, whether you like it or not. Just like global warming we need to learn to adapt to something that is inevitable (unless we nuke ourselves back to the Middle Ages).

          That tired old nonsense again. Please stop claiming religion-like inevitability for things that everybody can meaningfully influence.

          • by cusco ( 717999 )

            The police in the UK alone have unfettered access to over 2 million cameras, around half of which record. Some of the facial recognition systems have over a 90% accuracy rate in good conditions and 70% under poor conditions. Tens of thousands of license plate readers are installed nationwide on toll roads, almost all run by private companies that will sell the data to anyone who wants it, and tens of thousands more in private and public locations like parking garages and smart streetlights. It's pretty m

            • by gweihir ( 88907 )

              Well, that is basically because you do not understand the situation. First, of course you have privacy. You do not have privacy _everywhere_, but that has been true since there was more than 1 human being. Second, there have always been limits to what is allowed compared to what is possible.

              Do you have a camera in your bathroom and bedroom? No? Even if yes, there are laws that prevent the enemies of privacy from demanding that you install those. On the Internet, they have exactly as much data as _you_ chose

              • by cusco ( 717999 )

                I suppose it depends on the degree to which you want to inconvenience yourself and everyone you interact with. Still, the idea of being anonymous in public is really a fairly new construct, only possible once cities grew beyond about 50,000 people and populations became voluntarily mobile. Prior to around 1850 everyone knew essentially everyone within their area, and pretty much everything they were up to, there was no privacy outside your bedroom (assuming you even had walls and doors around your bed, wh

        • by e3m4n ( 947977 )

          Not quite, but I imagine we are maybe 10 years out. Right now the checks and balances are barely holding everything together. Now if they were to maybe poison a couple more SCOTUS judges and make it look like a heart attack, I'd begin to worry. The most toxic environment we have, believe it or not, is Congress. You can pick any hot topic item, any at all, and I can point to exactly how Congress was supposed to do something about it but didn't, instead passing the buck.

  • by enigma32 ( 128601 ) on Wednesday July 22, 2020 @04:26PM (#60320479)

    It's unclear whether any unauthorized profiles were searched by law enforcement.

    It's okay that they could have downloaded your info -- just change your... DNA??? No problem.

    • Also known as plausible deniability. Now if a genealogy profile shows up in a criminal case there is no way to prove the company provided it to the police.
  • by Anonymous Coward

    Data from breaches ends up in law enforcement's hands; anyone giving away DNA samples should expect this. Abuses of personal information are to be expected; all we can do is demand laws to punish those who obtain it without a search warrant/without cause/unlawfully.

  • by rmdingler ( 1955220 ) on Wednesday July 22, 2020 @04:37PM (#60320527) Journal

    From a Slate article [slate.com] circa 12/2019:

    Each decision created controversy. At first, Rogers’ policy was that GEDmatch would only be used to help solve the most egregious violent crimes—like murder and sexual assault. But he changed his mind after Utah law enforcement contacted Rogers for assistance in a 2018 assault case they were investigating. First, he made an exception. Then, a few months later, he codified the change and expanded the definition of “violent crime” to include “murder, nonnegligent manslaughter, aggravated rape, robbery, or aggravated assault.”

    (GEDmatch co-founder Curtis Rogers)

    Perhaps now that the information has been released into the wild, Mr. Rogers' moral ambiguity can be laid to rest.

  • Family (Score:3, Insightful)

    by Randseed ( 132501 ) on Wednesday July 22, 2020 @04:38PM (#60320535)
    I got pissed off when my sister submitted her DNA to "23 and me." She still doesn't realize how she fucked the entire family.
    • It's not even limited to '23 and me'.

      Don't we all have that uncle or brother-in-law who, without fail, fucks up Thanksgiving dinner for the entire family?

    • The CEO of 23andme is the wife of Google founder Sergey Brin. Family DNA is certainly being indexed.
  • by keithdowsett ( 260998 ) on Wednesday July 22, 2020 @04:43PM (#60320555) Homepage

    "It's unclear whether any unauthorized profiles were searched by law enforcement" Maybe they just cloned the whole database in those three hours instead.

    All your genes are belong to us... mwahahahahah.

  • by grep -v '.*' * ( 780312 ) on Wednesday July 22, 2020 @04:57PM (#60320611)
    I could be the most honest trustworthy person in the world and collect all of these. But I'm going to die someday, I doubt this info will go with me. And if I get bought out? Or forced to sit in the Comfy Chair of the Spanish Inquisition? Yeah, the system's password is "12346." Quit laughing, it IS; try it.

    What did you really THINK was going to happen? If you know then EVERYONE can know. Think spearphishing, either logical or physical.

    Yeah, let's just all go ahead and get rid of passwords too and use fingerprints; that'll go well. Oh, the data got "copied"? Just use another finger. Repeat x9 more times, and then? We'll just use your DNA, what could go wrong?

    Change your finger(print), change your DNA; it's easy enough. That dead guy over there with Corona isn't using his fingers, he won't mind if we swap.

    Changing my password is slightly easier and with many fewer hospital visits than changing my fingerprints or DNA. And what if I don't WANT to authenticate?
  • Most modern terrorist movie plots go something like they hack some unrelated thing, which forces a lockdown in some super sensitive secure area. The terrorists then use that knowledge to take advantage of some flaw in the process and wreak havoc.

    It sounds farfetched, but that's fictional TV/movie plots for you that get written because it makes it exciting and the hole is always there to give the writers the means to continue the story.

    Instead, it seems it happens in real life, where a hack causes a lockdown

  • by WankerWeasel ( 875277 ) on Wednesday July 22, 2020 @05:44PM (#60320775)
    The CEO of 23andme is the wife of Google founder Sergey Brin. If you use their DNA service, your information is already in a nice big database.
  • Subject pretty much says it all.

    This is why I'll NEVER use any of these services, even though I think tracing family trees is an interesting hobby/getting to know your long forgotten relatives.

    Once the (DNA) data is out of your hands, it's out of your control, no matter what the companies' "terms of service" say.
