DNA Company ‘GEDmatch’ Hacked in Data Breach

· Andrew Orr · Link

First, over a million DNA profiles from GEDmatch were leaked. Then, email addresses from the breach were used in a phishing attack against users of genealogy website MyHeritage.

As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.

If GEDmatch sounds familiar, it was the DNA database used to identify the Golden State Killer.

New ProtonMail Anti-Phishing Feature Makes You Confirm

· Andrew Orr · Link

For the past several days I’ve seen a new dialog box whenever I tap on a link in ProtonMail for iOS. It turns out that it’s a new ProtonMail anti-phishing feature.

Another security improvement is our new link confirmation modal, which is now enabled by default on all our apps. This anti-phishing feature helps you avoid opening a link by mistake or going to a different page than you intended.

How to Break Into an iCloud-Locked iPhone

· Andrew Orr · Link

Hackers, thieves, and independent repair companies can find ways to break into iCloud-locked iPhones.

The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices…Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices—some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programs.

TL;DR: Phishing, mugging, and social engineering are methods. You can even remove the CPU and reprogram it by stealing an unused IMEI.

An Inside Look Into a Recent Spam Operation

· Andrew Orr · News

Millions of people were affected for 10 days in March by a spam email operation. But the spammer didn’t set a password for their server (via TechCrunch). It’s a fascinating story. Security researcher Bob Diachenko found the server after the operation. The spammer had…

Celebgate Hacker Gets 34 Months in Prison

· Andrew Orr · News

Former school teacher Christopher Brennan—Celebgate hacker—was recently sentenced to 34 months in prison after pleading guilty.

Email Scams Increasingly Involve iTunes Gift Cards

· Andrew Orr · Link

Email scams are increasingly involving iTunes gift cards, instead of the old wire transfers. Lily Hay Newman has the scoop.

This trend is on the rise among scammers, both for individual targets and organizations. The Federal Trade Commission reported in October that 26 percent of people who report being scammed in 2018 said they bought or reloaded a gift card to deliver the money, up from seven percent in 2015. The FTC says that gift card-related losses reported to the agency totaled $20 million in 2015, $27 million in 2016, $40 million in 2017, and $53 million in the first nine months of 2018 alone.