
After a security breach, an American site leaves a million DNA profiles accessible to the police

12:56 24 July 2020 Source: lemonde.fr

Genealogy Site Exposes One Million Profiles to Law Enforcement in Security Breach

Mailing your spit to an ancestry site and uploading it to a DNA matching database has seemed like a pretty bad idea since 2018 when federal law enforcement officials tracked down the Golden State killer through a discarded tissue and his relatives’ online genetic profiles on GEDMatch. Since that episode generated a widely-publicized alarm, GEDMatch, which is owned by the forensic science company Verogen, changed its policy so that users could opt-in to make their information available to law enforcement.

A security breach changed the permission settings on millions of profiles in GEDmatch, a DNA database used by genealogists. Some already see giving law enforcement access to DNA profiles as controversial. As BuzzFeed News reports, this incident could limit those on both sides of the debate.

SAN FRANCISCO (AP) — A genealogy website used to catch one of California's most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies.

While updating its settings after a computer attack, the genealogy site GEDmatch left the genetic data of all its users accessible, including that of users who had not consented.

This is the kind of message you don't like to receive from a business, especially one you have handed your genetic profile. On Monday, July 20, the US genealogy site GEDmatch confirmed that it had been the victim of a computer attack.

The data on GEDmatch is particularly sensitive. What sets this site apart is that its customers, who hold their own DNA profile, can search the site's immense database for profiles belonging to the same genealogical branch, in order to find members of their family. Beforehand, they must register their own genetic and genealogical information.


"We can assure you that your DNA information was not compromised, as GEDmatch does not store raw DNA files on the site," the company said.

But security breaches happen, and earlier this week, GEDMatch announced that, on July 19th … An agency only uploads a DNA profile and receives a name and email address for a user who might

This valuable data, and the platform itself, are also of interest to the authorities, who used them notably in 2018 in the case of the "Golden State killer". After nearly four decades of trying to find the person responsible for thirteen murders, the investigation was able to advance thanks to GEDmatch, in which investigators discovered a potential distant cousin of the suspect. This led to the arrest of 72-year-old Joseph DeAngelo, who has since pleaded guilty.

How the "Golden State killer" was identified by his DNA thanks to a genealogical research site

Two intrusions

A few weeks after the arrest of Joseph DeAngelo, GEDmatch introduced a new feature giving its users the choice of whether or not to make their genetic profile accessible to the police. Out of 1.45 million users, only 280,000 have consented, reports BuzzFeed.


On July 19, a major security breach prompted the owners of DNA analysis service GEDmatch to take the website offline. After a preliminary investigation, it was revealed that a treasure trove of DNA profiles had been made available for law enforcement searches (and by extension, all other users of

The site, which lets users upload their DNA profile data to trace their family tree and ancestors … Gedmatch was also the service that police used to catch the so-called Golden State Killer. The DNA analysis site's parent company declined to say if the issue was caused by error or a security breach.

But on July 19, 2020, after a computer attack, the genetic data of all users became available to the authorities. "As a result of this intrusion, all user settings have been reset," GEDmatch explains on Facebook. "It made all profiles visible to all users. It lasted about three hours. During this period, users who had not activated the feature that allows the police to compare their genetic data still saw their data being accessible."

According to the American press, it is impossible to know for the moment whether the police were able to make comparisons with genetic profiles that would not normally have been accessible to them, but a GEDmatch employee assured BuzzFeed that they had seen nothing unusual. Hours later, on July 20, GEDmatch discovered it was the target of yet another intrusion. This time, no profile was accessible to the police. As of July 23, the site was still offline for maintenance.


For the first time, a state judge has forced a public genealogy site, GEDmatch, to allow police to search its entire database of DNA profiles. Since police tracked down the suspected Golden State Killer in April 2018 by uploading crime-scene DNA to GEDmatch, forensic genealogy has led to arrests in

DNA profiles that are not very confidential in the United States

Phishing attempts

The trouble did not end there for GEDmatch users. BuzzFeed adds that on July 21, another genealogical site, MyHeritage, warned its users that some of them were the target of a phishing attempt. What they have in common: all are GEDmatch users.

"We found out after speaking with the people who received this email that all of them use GEDmatch. Since GEDmatch was breached two days ago, we suspect this is how the authors recovered their email addresses," MyHeritage writes. Of the 105 users targeted by the phishing campaign, at least sixteen have been duped. MyHeritage says it is trying to contact them to change their passwords.

Faced with these accusations, GEDmatch defended itself, claiming that it had "no evidence to suggest that this phishing campaign is the result of this week's intrusion." On July 20, it wrote that "no data was uploaded or compromised." However, the genealogy site says it is continuing to investigate the incident.

Beware of email and SMS scams, the number of which has increased in recent months

