Getting unfound containers back on the app map.

[+Bundyrumandcoke]

Seems my Geocaching account may have been hacked. This morning I was made aware that I had logged a find on a cache owned by a mate. I was at work at the time, and no where near the cache in question. 

Checking my found caches list, there were 4 caches in the area that were "found" by me this morning, all while I was at work. Fantastic, remote control caching. No. I have gone in to the individual cache pages and deleted those false logs, but they still show up as smileys on the app map, rather that green unfound containers. 

How can i get this rectified, and is there any way GC.com can track who has published the false logs? 

 

Cheers

 

Bundy

[+Max and 99]

4 minutes ago, Bundyrumandcoke said:

Seems my Geocaching account may have been hacked. This morning I was made aware that I had logged a find on a cache owned by a mate. I was at work at the time, and no where near the cache in question. 

Checking my found caches list, there were 4 caches in the area that were "found" by me this morning, all while I was at work. Fantastic, remote control caching. No. I have gone in to the individual cache pages and deleted those false logs, but they still show up as smileys on the app map, rather that green unfound containers. 

How can i get this rectified, and is there any way GC.com can track who has published the false logs? 

 

Cheers

 

Bundy

You'll need to contact Geocaching HQ thru the Contact Us link at the bottom of every page. Let us know if you find out any more information. I'm curious.

Sorry this happened to you, too. I've never heard of this before. Good luck getting it all fixed.

[+barefootjeff]

4 minutes ago, Bundyrumandcoke said:

Seems my Geocaching account may have been hacked. This morning I was made aware that I had logged a find on a cache owned by a mate. I was at work at the time, and no where near the cache in question. 

Checking my found caches list, there were 4 caches in the area that were "found" by me this morning, all while I was at work. Fantastic, remote control caching. No. I have gone in to the individual cache pages and deleted those false logs, but they still show up as smileys on the app map, rather that green unfound containers. 

How can i get this rectified, and is there any way GC.com can track who has published the false logs? 

 

Cheers

 

Bundy

 

Not good. The app caches cache data for a while but will eventually refresh from the website, or you could try logging out from it and logging back in.

[+Max and 99]

7 minutes ago, Bundyrumandcoke said:

I have gone in to the individual cache pages and deleted those false logs, but they still show up as smileys on the app map, rather that green unfound containers.

Like barefootjeff said, this is just a matter of time and syncing. I'd also try logging out then back in, and the smileys should be gone. That's the easy part of this big mess!

[+Bundyrumandcoke]

Cheers for the replies. Stuck at work at the moment, so will get onto GC.com when I get a chance. 

 

The logs look genuine, even used my avatar, but were missing the "Cheers" in the sign off, which I always use. 

 

I became aware of the issue when a mate who owns one of the caches concerned, rang me to ask why I had only done the one or two. I usually smash an area when I get there. Its all about the numbers, after all, but only genuine numbers that I have found, not fake ones. 

 

Cheers

 

Bundy

[+CAVinoGal]

22 minutes ago, Bundyrumandcoke said:

Seems my Geocaching account may have been hacked.

 

If you haven't already done so, change your password.  You may also want to scan your computer (if that is how you normally log geocaches) or your phone for rogue apps that may be saving your keystrokes.   I hope other accounts of yours have not been hacked!

 

 

[+colleda]

20 hours ago, CAVinoGal said:

 

If you haven't already done so, change your password.  You may also want to scan your computer (if that is how you normally log geocaches) or your phone for rogue apps that may be saving your keystrokes.   I hope other accounts of yours have not been hacked!

 

 

Good point.

[+Bundyrumandcoke]

Password changed, phone scanned. A fifth log discovered and deleted. No fake logs made in the last 12 hrs or so. 

[+Max and 99]

1 minute ago, Bundyrumandcoke said:

Password changed, phone scanned. A fifth log discovered and deleted. No fake logs made in the last 12 hrs or so. 

I haven't thought this through, but I'm just asking you out of curiosity are you getting email notifications or messages on GC message center. When your friend contacted you about his caches that you had found I didn't know if that was a personal communication or through something through your GC account. 

When you say a fifth log was discovered you didn't say if you just happened to come across it or if you got a notification or how you knew about it. Just asking out of curiosity because of the good mystery. ?

Has geocaching HQ responded yet?

[+Bundyrumandcoke]

Yes, getting notifications and messages through GC.com. Not getting notifications of me placing a new log on a cache. Nothing as yet from GCHQ. 5th log found when I checked my account and found caches through the dashboard. 

Edited October 1, 2020 by Bundyrumandcoke

[+Bundyrumandcoke]

Happened to have just heard from GC support. Change of password was suggested. 

[+barefootjeff]

31 minutes ago, Bundyrumandcoke said:

Yes, getting notifications and messages through GC.com. Not getting notifications of me placing a new log on a cache. Nothing as yet from GCHQ. 5th log found when I checked my account and found caches through the dashboard. 

 

If you haven't already done so, it's worth checking your settings on the website to make sure the hacker didn't change your email address or anything else.

[+Max and 99]

Just now, barefootjeff said:

 

If you haven't already done so, it's worth checking your settings on the website to make sure the hacker didn't change your email address or anything else.

That's what I was thinking when I asked if he was getting email notifications. The whole thing's a mystery! Too bad someone can't figure out who is doing this. 

[+IceColdUK]

Intrigued!  Did the logs seem genuine?  It seems pretty strange behaviour to hack an account and then start logging finds.  Maybe there’s some sort of cross-wiring ... somebody trying to log on their account but somehow the logs are landing on yours?  I wonder whether there’s anything on the physical logs that might shed some light?

[+Max and 99]

Just now, IceColdUK said:

Intrigued!  Did the logs seem genuine?  It seems pretty strange behaviour to hack an account and then start logging finds.  Maybe there’s some sort of cross-wiring ... somebody trying to log on their account but somehow the logs are landing on yours?  I wonder whether there’s anything on the physical logs that might shed some light?

I'm intrigued too! That's a great idea to check the physical logs. 

As stupid as this sounds the first thing that came to my mind was that those finds were all from previous drafts, which could explain why they all arrived while he was at work. But the op indicates he hasn't found those caches so that theory went down the drain. ?

Just throwing out wild guesses. 

 

[+NYPaddleCacher]

1 hour ago, IceColdUK said:

Intrigued!  Did the logs seem genuine?  It seems pretty strange behaviour to hack an account and then start logging finds.  Maybe there’s some sort of cross-wiring ... somebody trying to log on their account but somehow the logs are landing on yours?  I wonder whether there’s anything on the physical logs that might shed some light?

 

I occasionally get email messages from sites that i have never visited that apparently have my gmail email address.  In one instance, I got confirmations of airline flights booked from Spain to a couple of other places in Europe.  I wonder if there is some other user that has a similar user name that is doing something like using GSAK to log finds (which may be using user id rather than the user name).  A typo of the userID might result in logging caches to your account.  You might try the "Find Another User" feature to search for similar user names then see if any of them have posted found it logs in area where these new cache logs are located.

[+CAVinoGal]

1 hour ago, IceColdUK said:

 It seems pretty strange behaviour to hack an account and then start logging finds.  Maybe there’s some sort of cross-wiring ... somebody trying to log on their account but somehow the logs are landing on yours?

 

This thought occurred to me too, but I haven't heard of this happening before.  It all seems really strange!

[+JohnCNA]

On 10/1/2020 at 6:02 PM, NYPaddleCacher said:

 

I occasionally get email messages from sites that i have never visited that apparently have my gmail email address.

I had this happen twice in the past, where I was getting legitimate emails for someone with my exact same name and in the other instance, a very similar email address.

 

In one case, let's say my email address was John!Public@gmail.com.  When I contacted Google to see if they could help, they said that they ignore punctuation in email addresses. So John!Public@gmail.com, John.Public@gmail.com, John-Public@gmail.com would all go to the same inbox. I don't know if that is still the case, but I found that very surprising. 

 

It ended up that the other person had the address of John.Public123@gmail.com and he had forgotten to add the 123 when registering with a couple businesses. 

[+terratin]

Are you logging into geocaching with an email address, facebook or username? Is it possible at all to log in with an email address, btw?

a) First of all, if your account is linked with facebook (or anything else that might do this) then also change the password in facebook.

b) check the associated email address at https://haveibeenpwned.com/

if this email address has been compromised then do change the password everywhere you use this.

c) check the logbooks of the caches in question or ask your friend to do so.

d) is it possible that you have some pending logs/draft logs somewhere that you never posted and that somehow got associated with these caches? Does the overall writing fit your style and is unique enough?

e) do you sleep-walk-cache?