Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As a result of this breach, all user permissions were reset, making all profiles visible to all users

This seems like the opposite of how a sensible permissioning data model should work.



“But A/B testing showed more ‘user engagement’ when you default to public”


I think it's an older issue. Before it was sold, GEDmatch was ran by several part-time developers. It was running some old PHP 5 version the last time I checked. In general I advise to be very sceptical of amateur-ran genealogy sites - I know of at least 3 search engines with obvious SQL injection issues (which allow me to run better queries, but still). All of the major commercial sites had some sort of leaks as well (I'm not sure about FamilySearch).


Who are you quoting there?


wooosh


I thought the exact same thing when I got the email. I would have much preferred a permission reset resulting in profiles being locked down tightly.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: