Tuesday, July 21, 2020

Oy! Security breaches that need your attention

It has been a tough couple of days security-wise in the genealogy world. Do your due diligence. Make sure you change/have secure passwords and attend to any other changes you need to make.

A security vulnerability in the MacKiev product, Family Tree Maker, has been reported and is summarized in a report at Infosecurity Magazine. View report here.

A malicious attack occurred at GEDmatch this past weekend. The site has been up and down since the discovery and is currently set in a "down for maintenance" state.

This statement was published on the GEDmatch Facebook page on Monday.
"On the morning of July 19, GEDmatch experienced a security breach orchestrated through a sophisticated attack on one of our servers via an existing user account. We became aware of the situation a short time later and immediately took the site down. As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours. During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users.

This was the extent of the breach. No user data was downloaded or compromised.

We have reported the unauthorized access to the appropriate authorities and continue to work toward identifying the individuals responsible for this violation.

Today, as we continued to investigate the incident and work on a permanent solution to safeguard against threats of this nature, we discovered that the site was still vulnerable and made the decision to take the site down until such time that we can be absolutely sure that user data is protected against potential attacks. We are working with a cybersecurity firm to conduct a comprehensive forensic review and help us implement the best possible security measures.

This is clearly disappointing for our company, as user privacy and data security are our top priorities. We apologize to our GEDmatch users and our law enforcement customers for the concern and frustration this situation has caused.
Thank you for your continued support of GEDmatch.

If you have questions, please reach out to us at gedmatch@verogen.com. We will update you as soon as we have more information to share."

You will want to check in when the GEDmatch site becomes available again. Of the number of kits that I manage, all but 2 were set as research prior to the breach. After the breach, when I could check in briefly, all were set as active visible kits. The LE opt-in that was reported to be compromised had reverted back to my preset choices, but my research settings have not reverted to my preference at present.

Check your kits, folks.



