+edexter Posted October 5, 2020 Share Posted October 5, 2020 I recently recieved a notice from Google that a data breach had occured and that I should change my password. All of the affected domains were Geocaching related (Geocaching.com and c:geo for example). So heads' up... edexter 1 1 Quote Link to comment
+Viajero Perdido Posted October 5, 2020 Share Posted October 5, 2020 That sounds suspicious. Why would that come from Google, rather than Groundspeak etc? I'm not aware of Google having any involvement in breach monitoring. Quote Link to comment
+TeamRabbitRun Posted October 5, 2020 Share Posted October 5, 2020 2 hours ago, edexter said: I recently recieved a notice from Google that a data breach had occured and that I should change my password. All of the affected domains were Geocaching related (Geocaching.com and c:geo for example). So heads' up... edexter Did it include a link to change your password for effected sites? If so, don't use it. If you're concerned, ask GS HQ if they've been whacked. If not, it's most likely a phishing expedition. 2 2 Quote Link to comment
+frostengel Posted October 5, 2020 Share Posted October 5, 2020 (edited) But you can change your password from time to time anyway. But don't use any links in e-mails (even if they look good) but go directly to the website geocaching.com, click on the downarrow (or whatever this is) in the top right next to your name and you'll find the settings where you can change the password safely. (The direct link is https://www.geocaching.com/account/settings/profile but don't use it as it is a direct link in a forum. ;-)) Jochen Edited October 5, 2020 by frostengel typo 1 Quote Link to comment
+Hügh Posted October 5, 2020 Share Posted October 5, 2020 (edited) 3 hours ago, Viajero Perdido said: I'm not aware of Google having any involvement in breach monitoring. Google does operate a service they call "Password Checkup", available throught the Password Manager at https://passwords.google.com/checkup. When accessed (through my account,) it does not suggest any compromised passwords or data breaches. I suspect that edexter is being phished. Edited October 5, 2020 by Hügh 1 Quote Link to comment
+Mausebiber Posted October 5, 2020 Share Posted October 5, 2020 4 hours ago, edexter said: I recently recieved a notice from Google that a data breach had occured and that I should change my password. The advise above, not to click on any link provided to change your password does not only apply to Groundspeak, but to any other app, webpage, email. Never trust a link someone has sent to you. 1 Quote Link to comment
Keystone Posted October 5, 2020 Share Posted October 5, 2020 Under privacy laws, a formal data breach notice would come from the company that held the data - not from Google (unless it was Google who experienced the breach). Moreover, a formal data breach notice would not be combined for two unaffiliated companies. FWIW, I've not heard of any data breaches nor have I heard reports from other users. 4 Quote Link to comment
+RocTheCacheBox Posted October 5, 2020 Share Posted October 5, 2020 (edited) 4 hours ago, edexter said: I recently recieved a notice from Google that a data breach had occured and that I should change my password. All of the affected domains were Geocaching related (Geocaching.com and c:geo for example). So heads' up... edexter I've been getting e-mails from "pay- pal" every day for for the past two weeks saying my account has been compromised. It hasn't. You may want to educate yourself on phishing scams and learn how to identify and properly deal with them if you are going to have an e-mail account before you fall victim to one or several. Edited October 5, 2020 by RocTheCacheBox 1 1 Quote Link to comment
+edexter Posted October 5, 2020 Author Share Posted October 5, 2020 Thanks. I will check this out further edexter Quote Link to comment
+edexter Posted October 5, 2020 Author Share Posted October 5, 2020 The message was from the Google password checkup service. It suggested I change passwords on five sites. I changed all five on the individual sites. Seems ok now. Apparently not a issue for others. Quote Link to comment
+Viajero Perdido Posted October 5, 2020 Share Posted October 5, 2020 (edited) 9 hours ago, edexter said: a data breach had occured Did it actually say that, or was it just a warning that it might happen? (Or more to the point, does anyone else have to worry, or just you?) Edited October 5, 2020 by Viajero Perdido Quote Link to comment
+edexter Posted October 6, 2020 Author Share Posted October 6, 2020 I don't really know exactly how it was worded. Once I made the changes the message went away and the Password Checker now says everything is ok. I decided it made sense to change my passwords, which you are supposed to do periodically anyway. I posted here because I wasn't sure if it was a larger issue, which it doesn't seem to be. edexter Quote Link to comment
+thebruce0 Posted October 7, 2020 Share Posted October 7, 2020 It may have just been a suggestion or reminder for good practice. Especially if it was for 5 websites. And perhaps you created your account or last changed your password on geocaching.com and that other one around the same time which is why they were 'grouped'. If it wasn't phishing, that's the only other reasonable explanation I can think of, really Quote Link to comment
+Understandblue Posted October 8, 2020 Share Posted October 8, 2020 (edited) Yes I got it too - password was found in a data breach. It's a monitoring service in the Chrome Browser as part of their password manager. Definitely change your password. Etsy was another site with a data breach at the same time as well as Threadloom. Screenshot attached for those not familiar with this Chrome service. Edited October 8, 2020 by Understandblue 1 1 Quote Link to comment
+MartyBartfast Posted October 8, 2020 Share Posted October 8, 2020 19 minutes ago, Understandblue said: Yes I got it too - password was found in a data breach. It's a monitoring service in the Chrome Browser as part of their password manager. Definitely change your password. Etsy was another site with a data breach at the same time as well as Threadloom. This doesn't necessarily mean that there was a data breach at Groundspeak, what it means is that the username/password combination of UNDERSTANDBLUE/yoursecretpassword has been found somewhere and has been leaked, that could have happened in a number of ways: Grounspeak have been breached. I think this unlikely as we would be seeing everyone having the same problem, and I hope Groundspeak would have notified us all and asked us to change our passwords (They probably have a legal obligation to disclose breaches). If you have used that same username & password elsewhere (e.g. ETSY, or Threadloom, or Project-GC, etc...) then it could be any of those that have been breached. It's possible that the breach was on your personal device rather than a website and your username/password has by some malware on your PC been harvested and added to a list. It's possible (though unlikely in this case) that someone else somewhere in the world happens to have used the same username & password and it is their details which have been breached. It's also possible that the actual breach happened weeks/months/years ago but the data has only been recently leaked to a source where Google can access it. All that said it's no bad thing to change your password, and it's a very good thing to use different passwords on different platforms/websites. 1 2 Quote Link to comment
+Understandblue Posted October 8, 2020 Share Posted October 8, 2020 (edited) Correct. But the point is it's not a phishing scam and multiple Groundspeak users have been affected so it's not just one person reusing their password (which is a horrible idea ). So clearly someone has a list with some Groundspeak usernames and passwords - however it happened, it's affecting people and it's a good time to get a good secure random password. IDNotify is another good monitoring service for being alerted if any of your logins are being bought and sold by nefarious types. Edited October 8, 2020 by Understandblue 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.