Hi, I tried to log in as usual and this message appeared. I emailed the help desk, and hopefully they are already aware.
Has anyone else received notification of a data leak? I’m concerned regarding what exactly was compromised and how it’ll affect my and others’ accounts.
I also opened the app, and saw that there are “deletes to sync”. That really concerns me.
Platform: Website accessed from my iPhone.
I can’t upload my screenshots.
I don’t think it has anything to do with iNat. That looks like a standard browser credential detection pop-up. Your password has been leaked somewhere, but I wouldn’t assume here. I don’t have any notifications like that when relogging on iNat.
Hi Allison, there are two separate issues here so I updated the title to reflect the one that is directly related to iNaturalist.
If you used the same password across multiple sites, it may appear in a warning from your browser. This warning doesn’t come from iNaturalist. We are not aware of any password leaks from iNaturalist, ever.
The “deletes to sync” message in the iOS app is unrelated to your password.
Did I misunderstand that warning, and that it actually meant something occurred outside of iNat?
As in a data leak from another organization has my info, and because I used the same password, it can result in someone hacking my account?
Can you still please investigate? Obviously I am unfamiliar with the steps you take in an investigation and what affects your decision to do so. Or if you’d easily find out if there is a data leak. (By the software you use to protect iNat)
I’m still concerned.
I don’t know if you’re able to say whether or not others have reported the same issue?
Regarding the delete sync: I didn’t delete anything that I can remember. A while back I was concerned about a large number of deletions. It was looked into, and if I remember correctly, nothing major was found.
If you’ll please do that, I’d be incredibly grateful. I have no way of backing up my iNat, and if any observations are deleted which shouldn’t have been, they’re lost forever. (Unless you’re able to recover them)
start by changing your iNat password. that alone is 99% chance enough to ensure the safety of your iNat info.
a random civilian’s biodiversity data is not a priority target for hackers and scammers. they want bank info, classified info, incriminating items – if it cannot be turned into cash, why would they be interested?
if this had been done by a single individual specifically to you - not by an outside entity en masse - I would worry about a stalker. but that is not what happened here.
I would focus more on what other accounts might be compromised. many companies unethically hide details when they are breached.
The password warning is about something that happened outside of iNat. As Carrie said, there are no known iNat password leaks.
Correct, the data leak was from another source and because you reused your password, it’s possible (but unlikely) that someone could log in as you on iNat. Since the leak is from somewhere else, the hacker would have to be guessing that you even have an iNat account.
There is nothing for iNat to investigate, there are no known leaks of iNat passwords.
If you want to investigate, you can try your password in https://haveibeenpwned.com/Passwords
This will probably tell you that the password has been leaked and that you should change it everywhere that you have used it.
Every time you reuse a password, especially if you also reuse the login name and/or email address that goes with it, it means that if that password is ever leaked anywhere, someone could guess it and get into your other accounts that use that same password. This is called credential stuffing.
If you have used the same login information that you use for iNat on any important sites, like your bank, go change the password there immediately.