MyHeritage claims its users were targeted after their details were leaked by competitor
A popular DNA testing and ancestry website said its users are being targeted with phishing attacks originating from a data breach on another genealogy site.
Earlier this week, two separate security incidents led to a data breach at US-based DNA research firm GEDmatch.
GEDmatch attracted controversy after DNA in its database was accessed by law enforcement and led to the capture of the infamous Golden State Killer in 2018.
In the wake of the incident, the company implemented new privacy controls, including making users’ DNA profiles inaccessible to police by default.
The GEDmatch website is currently offline, though a spokesperson told The Daily Swig that no DNA data has been compromised.
“We can assure you that your DNA information was not compromised, as GEDmatch does not store raw DNA files on the site. When you upload your data, the information is encoded and the raw file deleted. This is one of the ways we protect our users’ most sensitive information.”
MyHeritage, a genealogy site based in Israel, said that days later, phishing emails were sent to its customers which it suspects used the compromised data.
A blog post details how MyHeritage users were targeted with fake emails promising a ‘DNA match’ which actually linked to a phishing website with a lookalike domain.
This fake website, myheritaqe.com, displayed an identical homepage to the real MyHeritage site. It also included a login page intended to steal victims’ credentials.
“The email is always sent in English, even to users whose language on MyHeritage is not English,” the blog post reads.
“The email is sent from firstname.lastname@example.org and note that it is MyHeritaqe with a Q and not with a G as it should be. That’s the domain of the perpetrators.”
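A defensive check for the kind of lookalike sender domain described above, as an added example that is not part of the original article or of MyHeritage's own tooling. It flags sender domains that match a protected domain after folding confusable characters, or that sit within a small edit distance of it. The confusable table, the distance threshold, the naive domain extraction and every sample address other than the myheritaqe.com domain are constructed assumptions.

```python
# Added example: flag sender domains that imitate a protected domain.
PROTECTED = ["myheritage.com"]
# Assumed, deliberately small table of visually confusable swaps.
CONFUSABLE = {"q": "g", "0": "o", "1": "l", "rn": "m", "vv": "w"}
MAX_DISTANCE = 2  # assumed threshold; tune it to avoid hits on short names

def skeleton(domain):
    """Fold confusable characters so lookalikes collapse to one form."""
    s = domain.lower()
    for src, dst in CONFUSABLE.items():
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Naive last-two-labels extraction (assumption: no public suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def classify(sender):
    """Return (verdict, protected domain it was compared against or None)."""
    domain = registrable(sender.rsplit("@", 1)[-1])
    if domain in PROTECTED:
        return "legitimate", domain
    for good in PROTECTED:
        if skeleton(domain) == skeleton(good):
            return "lookalike", good
        if edit_distance(domain, good) <= MAX_DISTANCE:
            return "lookalike", good
    return "unrelated", None

if __name__ == "__main__":
    # Constructed sample senders; only the myheritaqe.com domain is from the article.
    for sender in ["sender@myheritaqe.com", "news@mail.myheritage.com",
                   "x@myher1tage.com", "user@example.org"]:
        print(sender, classify(sender))
```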
MyHeritage wrote that it suspects the phishing emails were directed to victims of the GEDmatch breach.
“We don’t know if they emailed (or intend to email) all the users of GEDmatch or only those who uploaded DNA data to GEDmatch that originated from MyHeritage,” the blog post, dated July 21, reads.
“What we found with all the users they did email, after speaking with these users, is that those users are all using GEDmatch.
“Because GEDmatch suffered a data breach two days ago, we suspect that this is how the perpetrators got their email addresses and names for this abuse.”
MyHeritage also noted that one of its users received the phishing email addressed to a unique account name only associated with GEDmatch, strengthening its speculation.
The GEDmatch spokesperson told The Daily Swig:
“Today, we were informed that MyHeritage customers who are also GEDmatch users were the target of a phishing scam. Please remember to exercise caution when opening emails and clicking links. Never provide sensitive information via email. If an email seems suspicious, contact the company in question directly through the phone number or email address listed on their website, not via a reply to the suspicious email. At this time, we have no evidence to suggest the phishing scam is a result of the GEDmatch security breach this week. We are continuing to investigate the incident.”
An initial security investigation found that at least 105 users had been lured to the phishing website, and 16 users had been tricked into entering their credentials.
MyHeritage says it isn’t aware of any data being compromised on its website. The phishing website has since been taken offline, though the company advised users to be vigilant of fake websites and to use strong, unique passwords for different web services.
“Be suspicious of emails that do not make sense… use a different, unique password on every website – never reuse the same password on multiple websites, and always be vigilant.”
The Daily Swig has contacted GEDmatch and MyHeritage for comment and will update this article accordingly.