As privacy concerns deepen amid the recent capture of an alleged serial killer, using genetic data from a Florida-based ancestry website, news has emerged in recent days that data from other ancestry websites is likely vulnerable to hacking.

According to reports, data about customers of the ancestry site MyHeritage had been stolen from pre-October 26 users. The data, which included customer email addresses and hashed passwords, was held on a private server until an unaffiliated security researcher notified the company.

Although MyHeritage has assured that the breach did not include data such as family trees and DNA, it does advise that information such as medical histories and biological relationships can be made available via legal avenues. According to the site, MyHeritage will, in some cases, release data to third parties in “limited circumstances,” including to honor requests made by law enforcement with a court order.

Yet, not every ancestry site has such protections in place concerning DNA data, as was demonstrated by GEDmatch, the Florida-based ancestry site that pointed investigators in the direction of Joseph James DeAngelo as the alleged “Golden State Killer,” responsible for a number of rapes and murders in 1970s and 1980s California. GEDmatch does not require a court order to share data, stating on its site that "users participating in this site should expect that their information will be shared with other users."

Responding to the hack, MyHeritage is asking users to change their passwords and is assuring customers that it will soon be launching a two-factor identification authentication system.

To contact the author of this article, email mdonlon@globalspec.com