Two days ago, GEDmatch was hacked. Many of us saw bizarre DNA matches that shared too much DNA to be credible. I was just putting the finishing touches on a blog post explaining what’s probably going on-and why it’s not as worrying as it seems-when MyHeritage announced that they’ve been the target of a phishing attempt.
Phishing is a way hackers trick you into revealing your password. Once they get your email or phone number, they send an email or a text message designed to get you to log into a fake site, where they record your login credentials.
If you get an email with the subject line “Ethnicity Estimate v2” from MyHeritaqe.com (note the Q instead of a G; they’ll look almost identical in lower case, especially on a phone), DELETE IT and DO NOT FOLLOW THE LINK IN IT. If you’ve already logged into the fake site, log into your MyHeritage account immediately and change your password. Make absolutely sure you’re logging into the correct site.
Right now, it looks like the phishers got the email addresses from GEDmatch. We think so because some MyHeritage customers use a different email address or name at the two sites, and the phishing emails they received used the GEDmatch details.
MyHeritage is to be commended for their quick response.
Unique Passwords Are Important
Hacks like this are why we should all have unique passwords at each website we use. If you use the same password for genealogy, social media, banking, etc., all of your online presence is compromised.
So, change your passwords. Make them unique. And if your accounts offer two-factor authentication, enable it. NOW!
More to come. And I’ll post that other article when things have died down a bit.
No! Really? MyHeritage too? I either did not get the email or just deleted it. But WTF is going on?
Leah, do you think we need to change our GEDmatch passwords as well?
To be clear, MyHeritage hasn’t been hacked. Someone’s trying to get MyHeritage passwords. As for GEDmatch passwords, can’t hurt to change them but honestly, I don’t think that’s the real concern. Anyone who has your kit number can search on it, no matter which account they’re logged into.
And, let the ganging up on the little guy begin. You’re just as guilty. Think about that next time you one to one on Gedmatch. Jerk.
If a genetic genealogy company repeatedly violates our trust the way GEDmatch has, users should know so they can make choices appropriate to themselves.