For almost two hours last week, Meta employees had unauthorized access to company and user data thanks to an AI agent that gave an employee inaccurate technical advice, as previously reported by The Information. Meta spokesperson Tracy Clayton said in a statement to The Verge that “no user data was mishandled” during the incident.

A Meta engineer was using an internal AI agent, which Clayton described as “similar in nature to OpenClaw within a secure development environment,” to analyze a technical question another employee posted on an internal company forum. But the agent also independently publicly replied to the question after analyzing it, without getting approval first. The reply was only meant to be shown to the employee who requested it, not posted publicly.

An employee then acted on the AI’s advice, which “provided inaccurate information” that led to a “SEV1” level security incident, the second-highest severity rating Meta uses. The incident temporarily allowed employees to access sensitive data they were not authorized to view, but the issue has since been resolved.

According to Clayton, the AI agent involved didn’t take any technical action itself, beyond posting inaccurate technical advice, something a human could have also done. A human, however, might have done further testing and made a more complete judgment call before sharing the information — and it’s not clear whether the employee who originally prompted the answer planned to post it publicly.

“The employee interacting with the system was fully aware that they were communicating with an automated bot. This was indicated by a disclaimer noted in the footer and by the employee’s own reply on that thread,” Clayton commented to The Verge. “The agent took no action aside from providing a response to a question. Had the engineer that acted on that known better, or did other checks, this would have been avoided.”

Last month, an AI agent from open source platform OpenClaw went more directly rogue at Meta when an employee asked it to sort through emails in her inbox, deleting emails without permission. The whole idea behind agents like OpenClaw is that they can take action on their own, but like any other AI model, they don’t always interpret prompts and instructions correctly or give accurate responses, a fact Meta employees have now discovered twice.

Millions of Americans are digging into their roots. Genealogy has quietly become one of the fastest-growing hobbies in North America, with the industry now valued at more than $5 billion. From DNA kits to digital family tree builders, people are discovering relatives, tracing migration stories and reconnecting with their past.

There is something deeply meaningful about learning where you come from. However, there is another side to this trend that many people never consider.

The same information that helps you find your great-grandparents can also help scammers find you. Once personal details appear online, they rarely stay in one place. And that can create unexpected security risks.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

DNA KITS MAY SHARE PERSONAL DATA AFTER DEATH
 

What family tree sites encourage you to upload

Genealogy platforms feel harmless. In fact, they are designed to feel warm, nostalgic and personal.

To build a detailed family tree, users often upload information such as:

• Full legal names, including maiden names
• Birth dates
• Places of birth
• Marriage records
• Address history
• Names of children, siblings and relatives
• Old family photos
• Obituaries and memorial information

Each detail may seem harmless on its own. But together, they create something extremely valuable: a fully mapped identity profile. Not just of you, but of your entire family network. And that kind of information is exactly what scammers look for.

Once information is uploaded, it rarely stays private

Many genealogy platforms allow public trees by default. Even when accounts are private, information can still spread in several ways.

For example, data can appear through:

• Shared family trees
• Public obituaries
• Search features
• Data scraping tools
• Third-party integrations

Over time, this information becomes searchable. It may be indexed by search engines. Bots can scrape it. Data brokers can absorb it into their databases. Once that happens, your family details no longer live only on a genealogy website. They can appear on people search websites, background check platforms and marketing databases. And you may never know it happened.

The 23andMe wake-up call

The recent bankruptcy of the DNA testing company 23andMe served as a reminder for millions of users. When companies change ownership or shut down, your data does not simply disappear. Genetic data raises serious privacy concerns on its own.

However, the broader genealogy ecosystem carries a similar risk. When you upload deeply personal, multi-generational information, you lose control over how long it is stored, who can access it and where it may end up in the future. Even if you trust a company today, you cannot control what happens tomorrow.

23ANDME PROBE LAUNCHED TO PREVENT CUSTOMER DNA DATA FROM BEING SOLD TO CHINA OR OTHER BAD ACTORS
 

Why scammers love family tree data

Cybercriminals no longer focus only on credit card numbers. Instead, they want context. They want personal details that help them impersonate you or bypass security checks. Family tree websites provide exactly that. Here are three ways criminals can exploit genealogy data.

1) Answering security questions

Many financial institutions still rely on knowledge-based authentication questions, such as:

Unfortunately, those answers often appear directly in public family trees. With enough background information, scammers may bypass account protections without ever knowing your password. 

2) Crafting believable impersonation scams

Now imagine receiving a message like this: “Hi, Aunt Linda, it’s Jake. I’m stuck overseas and need help.”

If a scammer already knows:

• Your relatives’ names
• Who is related to whom
• Where family members live

They can create highly believable emergency scams. These are no longer random “grandparent scams.” They are customized attacks, and genealogy data makes that customization easy.

3) Targeting entire families

When one person’s information becomes exposed, it rarely stops there. A scammer can quickly map your entire family network. They may identify:

• Adult children
• Elderly parents
• Siblings
• Multiple addresses

Then they can launch phishing attempts across several family members at once. In other words, one data leak can turn into a family-wide vulnerability.

How genealogy data strengthens data broker profiles

Here is where the situation becomes even more concerning. Data brokers do not just collect phone numbers and addresses. They build detailed relational profiles.

These profiles often include:

• Household connections
• Extended relatives
• Age ranges
• Property ownership
• Income indicators

When genealogy data gets scraped or resold, it strengthens those profiles. Your listing may suddenly include:

• An accurate maiden name
• Verified birth year
• Confirmed past addresses
• Detailed family connections

The richer the profile becomes, the more valuable it is-not only to marketers but also to criminals. “But I set my tree to private.” Privacy settings certainly help. However, they do not solve the entire problem.

Even if your family tree is private:

• Relatives may publish overlapping information
• Obituaries remain public records
• Historical records continue to be digitized
• Other users may repost or copy data

Once information spreads across multiple websites, tracking it becomes extremely difficult. In addition, data brokers constantly refresh their databases. Even if you remove your data once, it may quietly reappear months later.

COULD HACKERS STEAL YOUR DNA AND SELL IT?
 

How to enjoy genealogy without exposing yourself

You do not have to give up genealogy. You simply need to approach it the same way you approach social media.

Consider these precautions:

• Limit public visibility on family trees
• Avoid posting full birthdates
• Be cautious with maiden names
• Remove exact address histories
• Think carefully before sharing details about living relatives

Most importantly, remember that the real risk is not the genealogy site itself. The risk is where that data travels next.

Stop your family history from becoming a scammer’s playbook

Once personal information enters the data broker ecosystem, it can spread far beyond the original platform. That is why proactive privacy protection matters.

Data brokers collect and resell personal information gathered from public records, websites and scraped databases. If genealogy details such as maiden names, birthplaces and family relationships get pulled into those systems, they can quietly appear across people-search sites and background check databases.

Over time, this information can make it easier for scammers to build detailed identity profiles. Those profiles can be used for impersonation scams, phishing attacks or attempts to bypass security questions.

You can take steps by searching your name and relatives online to see what information is publicly visible, submitting removal requests to people-search sites and limiting what you share publicly on genealogy platforms. Taking these precautions can help prevent your family history from becoming a roadmap for scammers.

However, manually tracking down and removing your information across hundreds of sites can be time-consuming and difficult to keep up with.

One of the most effective steps you can take is to use a data removal service to help remove your information from data broker and people-search websites. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.

These services do the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. They also continue scanning for new exposures, which helps prevent your data from quietly reappearing later.

It’s what gives me peace of mind and has proven to be one of the most effective ways to erase personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing breach data with details they might find online, making it much harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt’s key takeaways

Genealogy can be an incredibly rewarding hobby. Discovering where your family came from often creates a deeper sense of connection and identity. But the digital tools that make this research easier can also expose more information than many people realize. A family tree filled with birthplaces, maiden names and relatives may look harmless, yet it can quietly create a roadmap for scammers. The good news is you do not have to stop exploring your ancestry. You simply need to share carefully, protect your data and understand how information travels online.

Have you ever searched for your own name or family members online and been surprised by how much personal information was publicly available? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.