First, over a million DNA profiles from GEDmatch were leaked. Then, email addresses from the breach were used in a phishing attack against users of genealogy website MyHeritage.
As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.
If GEDmatch sounds familiar, it was the DNA database used to identify the Golden State Killer.
Check It Out: DNA Company ‘GEDmatch’ Hacked in Data Breach