Looks like it's starting to come back to life again:
https://connect.garmin.com/status/
My guess is that it'll be a bit lumpy for a few days while it clears the (presumably) pretty hefty backlog, but good news anyway!
Yeah, I absent-mindedly opened Connect this morning, as I always do to sync my watch, and it all uploaded and my kayak from the weekend synced to Strava. Still says down for maintenance at the top, but otherwise worked fine.
Interesting to know what they ended up doing...
The site looks to be back up - I have just managed to log in, but the 1030 hasn't sync'd with Strava yet. Fingers crossed.
Think they just turned it off then back on again.
Probably claim that the cleaner unplugged it to do the hoovering and no-one noticed til they came into work today...
Looks like they're switching on certain services one by one, that's good.
One of my activities has just synced despite the server maint message showing on the Garmin Connect app.
Yeah, mine as well...but the Status page is offline again...haha! Too many people maybe trying to see what is available.
All working perfectly for me. Synching, plotting routes, updates.
Great news if it's all working. Bet they have been working hard around the clock.
My Strava app says Garmin stuff will auto begin uploading again soon too. Before it said it wasn't and gave directions how to manually upload.
Strava have said it may take up to a week to clear their sync backlog with Garmin Connect.
4 activities updated to Strava today from over the past few days, but still not showing on the Garmin app.
Scales now registered but not syncing yet...but it is progressing so that is good.
Just synced MrsP's watch - got a couple of 'error connecting to server' messages but tried again and it worked fine. The activities appeared on Strava within a minute or so of syncing to Garmin Connect.
Is everyone happy to continue using Garmin and syncing very personal data with a company that can't even defend itself against ransomware? How do you think they are going to keep your personal data safe?
The Maersk / NotPetya story from Wired is good. If you want to read more, I'd recommend this one, from Maersk's IAM lead at the time: https://gvnshtn.com/maersk-me-notpetya/
Is everyone happy to continue using Garmin and syncing very personal data with a company that can't even defend itself against ransomware? How do you think they are going to keep your personal data safe?
As happy as I am with ones that haven’t yet been held to ransom.
Well, they've confirmed that no data breach occurred.
https://www.garmin.com/en-GB/outage/
And you might want to have a look at this list...
I'm willing to bet you'll have used at least one of those sites.
Anyway... Mine is semi syncing. But how am I meant to know how tired I am, Garmin? I can't see my sleep tracking! 😁
Is everyone happy to continue using Garmin and syncing very personal data with a company that can't even defend itself against ransomware? How do you think they are going to keep your personal data safe?
It would be nice to be principled and not use any firms that have had a breach of data privacy, but I suspect that if I did that I'd rapidly run out of options for stuff - and the fact of it is that for me Garmin is the best at the fitness/activity stuff.
Is everyone happy to continue using Garmin and syncing very personal data with a company that can't even defend itself against ransomware? How do you think they are going to keep your personal data safe?
Apart from 'address at which nice bikes are kept' I'm not sure what data they have that they could maliciously use?
Flogging DickBarton some slimming world products when his weight goes up?
Apart from ‘address at which nice bikes are kept’ I’m not sure what data they have that they could maliciously use?
All your movements, address, bank details, phone number, photos ( I assume you can upload them to rides) email addresses, medical data (heart rate data is included in that category).
I only asked out of curiosity, and it seems from the first few responses, that if you really like a service then you will continue to use it, even if it's proven to have insufficient security/procedures in place.
Well, they’ve confirmed that no data breach occurred.
I didn't say any data loss had occurred. But are you willing to trust your data to a company that has just been proven to be lacking in the area of security?
All your movements, address, bank details, phone number, photos ( I assume you can upload them to rides) email addresses, medical data (heart rate data is included in that category).
Medical details? What are they going to do with my SP02 and respiratory data?
As happy as I am with ones that haven’t yet been held to ransom.
no offence, and I mean this in a nice way, but that's the stupidest reason for anything ever.
Too late for that...turns out previous scales have clearly been broken for some time. I'm assuming the gain is muscle!!!
no offence, and I mean this in a nice way, but that’s the stupidest reason for anything ever.
Yeah that’s because you think my heart rate is medical data. Putting any information to any company poses a risk, it’s an accepted risk for me, anyone could be hacked. One who may have been held to ransom is perhaps more likely to up their security.
even if it's proven to have insufficient security/procedures in place.
I'm guessing you work in information/cyber security? Or directly for Garmin, as you're extremely confident of their 'insufficient security/procedures'?
Assuming this is the end of the affair, I'm actually pretty happy that it has been resolved this quickly. Looks like there were enough controls in place to stop it spreading throughout the company and the actions taken to close down services would have been part of that.
I've also been wondering if Covid 19 has had an influence. Perhaps a rush to homeworking has created a few security holes in many companies.
I didn’t say any data loss had occurred. But are you willing to trust your data to a company that has just been proven to be lacking in the area of security?
Again, that word - 'proven' - where's the proof Garmin have failed in security? We don't even know for 100% that it was a ransomware attack.
And even the most secure systems in the world, are not 100% secure. You'd think the CIA would be pretty secure, right? Secure enough to not get hacked by a 15 year old? Think again...
https://phys.org/news/2018-04-uk-teen-hacked-cia-chief.html
All it takes for a ransomware attack to start is one click, and someone putting in their username and password into a (very believable) fake office365 page, and they're in. Just a moment's lapse in concentration and that's it.
If you're that worried about your data, I'd suggest removing any trace of yourself from the internet, as nowhere is truly 'safe'.
All your movements, address, bank details, phone number, photos ( I assume you can upload them to rides) email addresses, medical data (heart rate data is included in that category).
Some people use it more than me - those with full time smart watches, (or if there is a subscription service I don't know about), for example.
Those who just use it as an intermediary between the physical Garmin bike computer, and Strava; all it knows about me is my email address, name, and how unfit I am, plus a large number of GPS files that with effort, you could determine my home location.
I'd echo the comments above, Garmin itself beyond some metrics, email, age and (with some detective work) my location; have little more data that isn't already in the public domain that someone could credibly get already.
There's being cautious and sensibly cynical about sharing one's private info online, and then there's probably unjustifiable paranoia.
Some people use it more than me – those with full time smart watches, (or if there is a subscription service I don’t know about), for example.
They don’t control all your movements unlike smartphones. Address I’m not sure of without checking but I’m in the phone book so not hard to find me, bank details only if you’ve bought from them but you can’t see that in full, email address yes but as I have domain it gets spam anyway as they just put names and words at the front of domain so a hacker could do the same, they have no medical data. They have a few photos but they’re of scenery so not sure what they going to worth a picture of a hill.
If this was a ransomware attack, chances are all of us will have had some dealings with at least 1 company that has been subject to a ransomware attack. The NHS, for instance...
Only personal data breaches have to be notified to the ICO as far as I'm aware (not my speciality, I only dabble in IT security when needed). Ransomware attacks aren't exactly uncommon things...
Medical details? What are they going to do with my SP02 and respiratory data?
Nothing that will directly affect you, but it would be worth something to someone. Imagine having access to the heart rate data of millions of humans. Then imagine being able to filter that data by gender, or age, or location. Any company interested in sports performance would pay happily for such data.
I’m guessing you work in information/cyber security? Or directly for Garmin, as you’re extremely confident of their ‘insufficient security/procedures’?
A ransomware attack got inside their network. That could happen to anyone as you said. But for a company the size of Garmin to turn off their entire infrastructure and have no disaster recovery site/solution in place meaning their business is effectively shut down for several days is probably poor.
I’d echo the comments above, Garmin itself beyond some metrics, email, age and (with some detective work) my location; have little more data that isn’t already in the public domain that someone could credibly get already.
There’s being cautious and sensibly cynical about sharing one’s private info online, and then there’s probably unjustifiable paranoia.
That's naive at best. It's not the data itself, it's what they can do with it.
But for a company the size of Garmin to turn off their entire infrastructure and have no disaster recovery site/solution in place meaning their business is effectively shut down for several days is probably poor.
Poor? Yes.
Uncommon? Scarily not. There are many household name companies that survive by a policy that is pretty much "there but for the grace of God" in these matters.
Then imagine being able to filter that data by gender, or age, or location. Any company interested in sports performance would pay happily for such data.
What makes you think Garmin don’t do that anyway?
That’s naive at best. It’s not the data itself, it’s what they can do with it.
What can "they" do with it then? Let's stay within the bounds of your average hacker rather than anyone with specialist tools and data science skills.
But for a company the size of Garmin to turn off their entire infrastructure and have no disaster recovery site/solution in place meaning their business is effectively shut down for several days is probably poor.
Really? If they truly were the victim of a ransomware attack that took down ALL their services and had 'no disaster recovery site/solution in place' it would take a lot sodding longer than 3 days to get most systems back up and running. And would involve paying the hackers a VERY large sum of money.
Both of which I can almost guarantee are false claims.
Do you not think, that if a company's online services got compromised, the first thing they might do is take it all offline to prevent further damage?
I'll ask again - do you work in information/cyber security? If not, you have no idea what you're on about...
Also, you're talking about it being a ransomware attack. The entire purpose of a ransomware attack is not to gain access to data, it's to purposely lock it down so it's NOT accessible.
A data breach is not a ransomware attack, they're 2 very different things with 2 very different intended results. Ransomware attackers don't give a jot about what data they're encrypting, it could be the canteen's menus for the last 10 years for all they care. They just care about getting companies with no backup plan into a situation where they are forced to pay up.
What makes you think Garmin don’t do that anyway?
If they have any sense then they do. The difference is when you signed up for a Garmin account you gave them permission to do it.
Really? If they truly were the victim of a ransomware attack that took down ALL their services and had ‘no disaster recovery site/solution in place’ it would take a lot sodding longer than 3 days to get most systems back up and running. And would involve paying the hackers a VERY large sum of money.
From the report I read the attack affected a small part of their infrastructure. They shut everything down to stop it spreading.
I’ll ask again – do you work in information/cyber security? If not, you have no idea what you’re on about…
Not specifically security, but I have worked in IT for 25 years so know a little bit about it.
Also, you’re talking about it being a ransomware attack. The entire purpose of a ransomware attack is not to gain access to data, it’s to purposely lock it down so it’s NOT accessible.
A data breach is not a ransomware attack, they’re 2 very different things with 2 very different intended results. Ransomware attackers don’t give a jot about what data they’re encrypting, it could be the canteen’s menus for the last 10 years for all they care. They just care about getting companies with no backup plan into a situation where they are forced to pay up.
What I am asking is why are users so willing to trust their data to a company that seemingly have poor defences/responses to cyber attacks. No-one has suggested that this was a data breach.