Beware of fake MyHeritage site

+24 votes
373 views

Security alert: malicious phishing attempt detected, possibly connected to GEDmatch breach

Yesterday notice from MyHeritage:  We want to alert MyHeritage users about a malicious attempt to steal credentials that we identified several hours ago and is still ongoing.  Read about it here:

https://blog.myheritage.com/2020/07/security-alert-malicious-phishing-attempt-detected-possibly-connected-to-gedmatch-breach/?fbclid=IwAR3nRImmz1NObC2ko11z796xqN9a2vnFZk2UXfpTG8tWzkvAyC1hrtA7HpM

in The Tree House by Darlene Athey-Hill G2G6 Pilot (436k points)

2 Answers

+11 votes
 
Best answer

Thank you, Darlene, for this alert. During a Boston University genealogy course last year, we had a discussion about the 'security' of these various genealogy sites, including Ancestry, My Heritage, 23andme, etc. Here is one story I reviewed: https://healthitsecurity.com/news/dna-testing-service-vendor-reports-years-long-consumer-data-breach

More recently, well, Wikikin can read about it here:

https://www.bloomberg.com/news/articles/2019-11-06/breach-at-dna-test-firm-veritas-exposed-customer-information

I think it is very important, for those of us doing genealogy to become aware of and alert to these breaches. Again, thank you!

by Carol Baldwin G2G6 Pilot (522k points)
selected by Michel Vorenhout
Thank you very much, Michel, for the best answer selection. It is very much appreciated. My emphasis is really on people taking precautions to protect their information and for us as Wikitreers to be as cautious as possible about our information.
+5 votes

I didnt even know that gedmatch was compromised.

But they certainly got my email address from Gedmatch because I got one of those phishing emails.

Fortunately I did not access MyH through their login page - I never do that!!

I had no idea it was a fake page. I went my usual route when means I did not use their fake log in page!!

Thanks for the warning.

by Robynne Lozier G2G6 Pilot (940k points)
Yikes, Robynne, I am sorry to hear of the phishing email and your good caution. It can happen to anyone and we must be careful to protect our personal information.
If you're not sure it's legit, I agree, don't click on the link.

But if do you end up at a login site somehow and you're not sure it's the real deal, enter fake login and password first. It won't know what the real ones are, so it will accept it (and then probably say something like the site is down for maintenance because obviously they aren't going to duplicate the whole thing, just the login page).
Great advice, Rob!

Related questions

+7 votes
1 answer
+5 votes
4 answers
+1 vote
3 answers
+5 votes
1 answer
+7 votes
1 answer
+2 votes
2 answers
233 views asked Nov 23, 2017 in WikiTree Help by Jo-anne Pritchard G2G Rookie (230 points)

WikiTree  ~  About  ~  Help Help  ~  Search Person Search  ~  Surname:

disclaimer - terms - copyright

...