In the last year direct-to-consumer (DTC) genetic genealogy databases have been used to identify suspects and missing persons in over fifty cold cases, many of which have been unsolved for decades. Genealogists worked on these cases in collaboration with law enforcement agencies. Raw DNA data files were uploaded to the genealogy websites GEDmatch and FamilyTreeDNA, and identification was made by tracing the family trees of relatives who were predicted to be close genetic matches in the database. Such searches have far-reaching consequences because they affect not just those who have consented to upload their DNA results to these databases but also all of their relatives, regardless of whether or not they have taken a DNA test. This article provides an overview of the methods used, the potential privacy and security issues, and the wider implications for society. There is an urgent need for forensic scientists, bioethicists, law enforcement agencies, genetic genealogists and other interested parties to work together to produce international guidelines and policies to ensure that the techniques are used responsibly and effectively.