DNA testing service startup Vitagene exposed thousands of customer records online for years
Every day, you read news of big organizations leaving customers' data exposed on the Amazon Web Services (AWS) cloud. This time, it is DNA testing service Vitagene, a tech startup that provides genetic testing for supplement optimization and genealogy (ancestry) purposes. According to a report from Bloomberg, Vitagene left more than 3,000 customer health reports exposed online for many years. For a company that prides itself on bringing transparency to the $32 billion supplement industry, this news comes as a surprise to many.
“More than 3,000 user files remained accessible to the public on Amazon Web Services cloud-computer servers until July 1, when Vitagene was notified of the issue and shut down external access to the sensitive personal information,” according to Bloomberg, citing obtained documents. The genealogy reports contain customers’ personal information, including full names alongside dates of birth and gene-based health information, such as their likelihood of developing certain medical conditions, Bloomberg said, citing a review of the documents.
Vitagene said that the files dated from when the company was in “beta” testing and represented a small fraction of its customer base.
“We immediately opened an investigation and blocked access to the files,” Chief Executive Officer Mehdi Maghsoodnia said in an email to Bloomberg. “We updated our security protocols in 2018 and have engaged an outside security firm to run external and internal penetration testing across our application. As a team we acknowledge our mistake and will keep ourselves accountable. We hope over time to prove that we are worthy of the trust that is given to us every day.”
Founded in 2014 by Al Hariri, Brian Ha, Karen Lo, Mehdi Maghsoodnia, Pouria Mojabi, and Reza Malek, Vitagene leverages big data and machine learning to provide personalized, actionable diet, fitness, and supplement recommendations to its members.