A DNA Database Containing Data From 23andMe and Ancestry Is Vulnerable to Attacks
People uploaded their DNA to GEDmatch to find relatives, but now their personal data could be accessed by hackers
By one estimate, more than 26 million people have mailed their saliva in a plastic tube to get their DNA analyzed by genetic testing companies like 23andMe, AncestryDNA, MyHeritage, and Family Tree DNA. And more than a million of them have also uploaded their genetic information to a popular third-party website called GEDmatch to see what DNA they have in common with others in the database.
Now, computer scientists at the University of Washington have revealed that using GEDmatch comes with serious security risks. In a paper posted this week, researchers demonstrated that it’s possible to extract genetic details of any individual in the database, leaving their data vulnerable to leaks or hacks. As more people take DNA tests and third-party genetic genealogy databases grow, the risk of new kinds of biological and cyber attacks also increases. In the wrong hands, a person’s genetic data can be used for discrimination or extortion, and the implications are even greater if entire databases are leaked.
“GEDmatch has over 1 million genomes in their database, so this creates the potential for a major data leak,” Yaniv Erlich, chief scientific officer at MyHeritage and an associate professor of computer science at Columbia University who was not involved with the work, told OneZero.
GEDmatch, which was launched in 2010 as a free service, was initially used by genealogists to identify relatives. By allowing people to upload the raw DNA file they get from genetic testing companies, the site has helped more than 10,000 adoptees identify their biological parents, according to founder Curtis Rogers. It has also been useful in solving crimes. In April 2018, the database received widespread attention when it became public that law enforcement had used it to solve the high-profile Golden State Killer case.
GEDmatch is designed to show users high-level genetic information, like the general location on a chromosome where two people match. It is not intended to reveal fine-grained details about individual variations in…