Two days ago, GEDmatch was hacked. Many of us saw bizarre DNA matches that shared too much DNA to be credible. I was just putting the finishing touches on a blog post explaining what’s probably going on—and why it’s not as worrying as it seems—when MyHeritage announced that they’ve been the target of a phishing attempt.
Phishing is a way hackers trick you into revealing your password. Once they have your email address, they send a message designed to appeal to your interests and get you to log into a fake site, where they record your login credentials.
If you get an email with the subject line “Ethnicity Estimate v2” from MyHeritaQe.com (note the Q instead of a G; they’ll look almost identical in lower case), DELETE IT and DO NOT FOLLOW THE LINK IN IT. If you’ve already logged into the fake site, log into your MyHeritage account immediately and change your password. Make absolutely sure you’re logging into the correct site.
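As an added example (not part of the original post), the Python code below shows how a mail filter or a careful reader's script could flag a sender or link domain that sits within a character or two of a trusted one, which is how MyHeritaQe.com imitates MyHeritage.com. The trusted list, the function names and the distance threshold are assumptions chosen for illustration.

```python
from typing import Optional, Tuple

# Assumed allowlist for this example; a real filter would load its own.
TRUSTED = {"myheritage.com", "gedmatch.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Keep the last two labels. Assumes simple names such as x.com;
    multi-part suffixes (co.uk) would need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain) where verdict is
    'trusted', 'lookalike' or 'unknown'."""
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        # Close to a trusted name but not equal to it: likely imitation.
        if 0 < edit_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample hosts, including the one named in the post.
    for host in ["www.myheritage.com", "MyHeritaQe.com",
                 "myheritage.com.evil.example", "example.org"]:
        print(host, "->", classify(host))
```

Note that a trusted name used as a subdomain of another domain (the third sample) is not treated as trusted, because only the registered domain is compared.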
Right now, it looks like the phishers got the email addresses from GEDmatch. We think so because some MyHeritage customers use a different email address or name at the two sites, and the phishing emails they received used the GEDmatch details.
MyHeritage is to be commended for their quick response.
Unique Passwords Are Important
Hacks like this are why we should all have unique passwords at each website we use. If you use the same password for genealogy, social media, banking, etc., one stolen password compromises all of your online presence.
So, change your passwords. Make them unique. And if your accounts offer two-factor authentication, enable it. NOW!
More to come. And I’ll post that other article when things have died down a bit.