GarminPocalypse: Are you joking?
Really? Is Garmin being serious?
There’s probably a man day of work to design, create, approve and distribute a trivial image like that one I’ve just put at the start of the post. Garmin has spent time doing THAT rather than offering any kind of meaningful explanation or assistance.
I can excuse Garmin for being hacked, as I’m fairly sure it can happen to any company (I seem to recall various US intelligence agencies being hacked by random British teenagers for example – Source: bbc.co.uk)
I can excuse them for doing the bare minimum when it comes to communications until they are 100% sure that what they say will be true and meet their legal obligations.
But that image just took the biscuit and broke the camel’s back in one fell swoop of a digital pen. #MixedMetaphor
Admittedly, as the words on the image say, ‘a few moments later’ https://connect.garmin.com/modern/ WAS up and running.
Maybe that image used to always show? If so, the fact that I’ve never seen it before is probably a good testament to how well Garmin Connect ran FOR ME in the past.
The Story as it unfolded
- Ransomware rumoured as major outage becomes clear
- Vaguely interesting stat show complete lack of data from Garmin Connect going to STRAVA
- TrainingPeaks sensibly recommends a password change in certain circumstances
- Possible evidence of the hack and ransom demand (only one source)
- Garmin speaks out
- Partial re-start underway (this post)
- What data is lost?
You might also like
- Must Read: STRYD Review
- Must Read: Garmin Edge 1030 Plus Review
- Must Read: Best Triathlon Watch
- Must Read: Best Running Watch
- Must Read: Apple Watch 6 PRO speculation for September
The other funny thing is Garmin Connect has not asked for my login details again. Did the pay the ransom and simply decrypt their files? Or did they backup cookie session data as well? Backing up cookie session data will be strange.
It could be just a db backup, and the front end never logged you out or terminated the session?
I too didn’t log in….. about 5 hours ago.
I got this one! I mean come on… a BIKE! Are they calling me a user of the CHEAT MACHINE ?! Where do I get that suunto….
https://photos.app.goo.gl/FKsMEUum1eCouukGA
Garmin connect seems to be working as of 9pm CST.
Everything is syncing for the last few days.
yep, check out the status page.
https://connect.garmin.com/status/
Forums are still offline
Garmin.com allows you to get to checkout on items.
Things are starting to come back online.
Indeed this is an existing notification.
What appalled (I thing is the word I think) was the straightforward lies they were putting in their messages the first days.
I’m one of those unlucky saps that had the “won’t record distance” errors on my 945 (which ironically started before the first actual “race” I’ve been able to do in 4+ months). I searched but hadn’t yet read about the delete-old-files trick so I did a factory reset instead. Of course that dropped me out of Garmin Connect Mobile and so far it has not allowed me re-add the device, even though GCM is supposedly back up.
Garmin have finally confirmed it was a cyber attack that encrypted their systems here https://www.garmin.com/en-GB/outage/
“Garmin Ltd. was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation.
We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services. Affected systems are being restored and we expect to return to normal operation over the next few days.
As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”
Even if it weren’t an existing message, just because they’re in the middle of an apocalypse, doesn’t mean 100% of their staff have the skills required to participate in resurrecting their infrastructure. Most shops have the expertise required to rebuild from scratch tied up in the hands of a few, select individuals. Some more mature, left-shifted shops have a majority of the dev team involved in dev-ops, but in all likelihood, these shops still have only 5-30% of their workforce involved in those efforts. What exactly are the remaining staff going to do, especially if most of their apps are compromised?
They could use their language skills to craft a carefully worded apology and EXPLANATION of what’s happened, for example. So I would have been happy with yesterday’s explanation given as the first explanation a few days ago.