
Why do I keep seeing other people's profiles?

Former Member
Hi,

Over the last few weeks when I have opened the Garmin Connect site, instead of seeing my profile, I've been able to see other people's private profiles in place of my own. This is without logging on as them - the page just opens.

I've attached a screenshot from the page that opened just a few minutes ago. This is not the first time it's happened. I have on at least three separate occasions been automatically logged into other users' profiles as that user and have been able to browse their entire history and see their private settings. I have had to log out of their profile and back into my own to correct the problem.

I'm using Chrome on a Mac if that's any help, but it's probably a fundamentally broken cookie/session problem with the Connect site.

I emailed Garmin about this last week but got no response. This is a pretty serious data protection problem in my view. In the EU, failing to adequately protect personally identifiable information (e.g. addresses, DOB, etc.) is going to land you in some serious data protection hot water and result in a nice hefty fine. I don't want other people seeing data that I don't wish to share, and I'm sure plenty of other people would feel the same.

Garmin - fix this yeah? If it happens again I'm raising it with people that will make you fix it.

Dan
  • This does seem to represent a significant hole somewhere in the security of Garmin connect - I have seen this in a slightly different form where I see the workouts from other users - and in one case when I sent workouts from my calendar to my watch I got some Polish workouts as well as my own. For me this seems to occur when I have left connect open on my PC and it has in some way timed out. Not sure what you mean by raising it with people that will make you fix it but I would think that this probably breaches Garmin's requirements of a "duty of care" in regard to protection of people's personal data in a number of jurisdictions in the EU. Quite how that applies to a website that probably hosts the data in the US I'm not sure but either way Garmin should address this.
  • Former Member, over 11 years ago
    I've also seen merged routes from other people in my own profile so this is probably a related problem.

    Got a bit of forum rage last night so my grumpy "threat" was really just saying I would raise this with data commissioners to highlight the insecurity of the site.

    It is a serious problem though as I imagine that it wouldn't be too hard to script something that just brute forces its way into other accounts as the authentication is basically broken. Once you can do that you can suck out email addresses, find out where you live, impersonate users, etc. and that would be great for people wanting to phish you or your connected friends. Or even worse - find out where you live and steal your nice bike!
  • FWIW, I've seen this myself on a few occasions as well; the same behaviour as Dan is seeing.
  • Former Member, over 11 years ago
    I am often logged into other users' accounts when I refresh the page. It's usually when I have Garmin Connect open for a long time and it has timed out. Luckily I know where the sign out link is as the pages are usually in other languages. Norwegian, Chinese etc.

    I have also had several untitled cycling workouts added to my profile. I hope Garmin sort this out soon. Their website is full of bugs.
  • Former Member, over 11 years ago
    System Glitch - Logged in as a different user

    This morning I logged into Garmin Connect and I was logged in as a different user. No idea how this happened or who the user is. This is actually the second time it has happened. I have 'Remember me' checked off and I usually auto log in. The first time I was logged in to someone's account in France (I'm in the USA). Today it was a whole different language. I have no idea how this happens but Garmin needs to address this security issue ASAP! If I sign out then sign back in it fixes the issue.
  • I've logged this and related issues with Garmin support and got the following response

    "The issue you are referring to is something that we are aware of and are working hard towards a resolution, however, we do not have a timeframe for this to be completed as yet.
    When the issue has been corrected, the fix will be released in a software update. This will be announced on your Garmin Connect account or on Garmin Express. If, at that point you require further assistance please contact us via our Contact Centre whereby we will be happy to talk you through it."


    At least they are aware of it - but the more people that log it with them the more focus it will receive - I'm sure that it is potentially in breach of data protection law in Europe so they really should look at fixing this quickly - particularly when they are adding social media functions to connect and potentially increasing the security hol
  • Former Member, over 11 years ago
    I had this problem, and I was just advised to clear my cookies. The person, despite me explaining the security flaw, didn't grasp that this was an issue. It took them 10 days to respond to my support request, and I'm 7 days in since I sent my last reply.

    I'm going to report them to TrustE certified privacy, which they proudly display on the connect home screen. It's clearly not private if the whole login system can be bypassed by some old cookies.

    http://privacy.truste.com/privacy-seal/Garmin-International,-Inc-/validation?rid=43b04d94-b963-47b7-b3f0-0b576c59203f

    I work in software and I understand that bugs happen, but this is an absolute cardinal sin.
  • Agreed - It is clearly not a cookie issue anyway - I have had the problem on PCs that are solely used by myself
  • Former Member, over 11 years ago
    Just to update this, I still haven't had a response back from my Garmin ticket, so am going to go ahead and report it to Trust E
  • Able to access other People's Connect

    Occasionally when I am using Google Chrome and am logged in under my username, using Garmin Connect, I find myself being able to access other people's pages. It's not every page, just some pages, and the reason I usually notice is that the pages are in another language. It has happened at least 3 times. Is this a known issue?