Geocaching.com data breach notice

[+edexter]

I recently recieved a notice from Google that a data breach had occured and that I should change my password.  All of the affected domains were Geocaching related (Geocaching.com and c:geo for example).  So heads' up...

edexter  

[+Viajero Perdido]

That sounds suspicious.  Why would that come from Google, rather than Groundspeak etc?  I'm not aware of Google having any involvement in breach monitoring.

[+TeamRabbitRun]

2 hours ago, edexter said:

I recently recieved a notice from Google that a data breach had occured and that I should change my password.  All of the affected domains were Geocaching related (Geocaching.com and c:geo for example).  So heads' up...

edexter  

 

Did it include a link to change your password for effected sites?

If so, don't use it.

 

If you're concerned, ask GS HQ if they've been whacked. If not, it's most likely a phishing expedition.

[+frostengel]

But you can change your password from time to time anyway. But don't use any links in e-mails (even if they look good) but go directly to the website geocaching.com, click on the downarrow (or whatever this is) in the top right next to your name and you'll find the settings where you can change the password safely. (The direct link is https://www.geocaching.com/account/settings/profile but don't use it as it is a direct link in a forum. ;-))

 

Jochen

Edited October 5, 2020 by frostengel
typo

[+Hügh]

3 hours ago, Viajero Perdido said:

I'm not aware of Google having any involvement in breach monitoring.

 

Google does operate a service they call "Password Checkup", available throught the Password Manager at https://passwords.google.com/checkup. 

When accessed (through my account,) it does not suggest any compromised passwords or data breaches. I suspect that edexter is being phished.

Edited October 5, 2020 by Hügh

[+Mausebiber]

4 hours ago, edexter said:

I recently recieved a notice from Google that a data breach had occured and that I should change my password. 

 

The advise above, not to click on any link provided to change your password does not only apply to Groundspeak, but to any other app, webpage, email.  Never trust a link someone has sent to you.

[Keystone]

Under privacy laws, a formal data breach notice would come from the company that held the data - not from Google (unless it was Google who experienced the breach).  Moreover, a formal data breach notice would not be combined for two unaffiliated companies.

 

FWIW, I've not heard of any data breaches nor have I heard reports from other users.

[+RocTheCacheBox]

4 hours ago, edexter said:

I recently recieved a notice from Google that a data breach had occured and that I should change my password.  All of the affected domains were Geocaching related (Geocaching.com and c:geo for example).  So heads' up...

edexter  

 

I've been getting e-mails from "pay- pal" every day for for the past two weeks saying my account has been compromised. It hasn't.

 

You may want to educate yourself on phishing scams and learn how to identify and properly deal with them if you are going to have an e-mail account before you fall victim to one or several.

Edited October 5, 2020 by RocTheCacheBox

[+edexter]

Thanks.  I will check this out further

edexter

[+edexter]

The message was from the Google password checkup service.  It suggested I change passwords on five sites.  I changed all five on the individual sites.  Seems ok now.  Apparently not a issue for others. 

[+Viajero Perdido]

9 hours ago, edexter said:

a data breach had occured

 

Did it actually say that, or was it just a warning that it might happen?  (Or more to the point, does anyone else have to worry, or just you?)

 

Edited October 5, 2020 by Viajero Perdido

[+edexter]

I don't really know exactly how it was worded.   Once I made the changes the message went away and the Password Checker now says everything is ok.  I decided it made sense to change my passwords, which you are supposed to do periodically anyway.  I posted here because I wasn't sure if it was a larger issue, which it doesn't seem to be.  

edexter

[+thebruce0]

It may have just been a suggestion or reminder for good practice. Especially if it was for 5 websites. And perhaps you created your account or last changed your password on geocaching.com and that other one around the same time which is why they were 'grouped'.  If it wasn't phishing, that's the only other reasonable explanation I can think of, really

[+Understandblue]

Yes I got it too - password was found in a data breach. It's a monitoring service in the Chrome Browser as part of their password manager. Definitely change your password. Etsy was another site with a data breach at the same time as well as Threadloom. Screenshot attached for those not familiar with this Chrome service. 

Edited October 8, 2020 by Understandblue

[+MartyBartfast]

19 minutes ago, Understandblue said:

Yes I got it too - password was found in a data breach. It's a monitoring service in the Chrome Browser as part of their password manager. Definitely change your password. Etsy was another site with a data breach at the same time as well as Threadloom.

 

This doesn't necessarily mean that there was a data breach at Groundspeak, what it means is that  the username/password combination of UNDERSTANDBLUE/yoursecretpassword  has been found somewhere and has been leaked, that could have happened in a number of ways:

 

• Grounspeak have been breached. I think this unlikely as we would be seeing everyone having the same problem, and I hope Groundspeak would have notified us all and asked us to change our passwords (They probably have a legal obligation to disclose breaches).
• If you have used that same username & password elsewhere (e.g. ETSY, or Threadloom, or Project-GC, etc...) then it could be any of those that have been breached. 
• It's  possible that the breach was on your personal device rather than a website and your username/password has  by some malware on your PC  been harvested and added to a list.
• It's  possible (though unlikely in this case) that someone else somewhere in the world happens to have used the same username & password and it is their details  which have been breached.

It's  also possible that the actual breach happened weeks/months/years ago but the data has only been recently leaked to a source where Google can access it.

 

All that said it's no bad thing to change your password, and it's a very good thing to use different passwords on different platforms/websites.

[+Understandblue]

Correct. But the point is it's not a phishing scam and multiple Groundspeak users have been affected so it's not just one person reusing their password (which is a horrible idea ).

 

So clearly someone has a list with some Groundspeak usernames and passwords - however it happened, it's affecting people and it's a good time to get a good secure random password.

 

IDNotify is another good monitoring service for being alerted if any of your logins are being bought and sold by nefarious types.

Edited October 8, 2020 by Understandblue