While trying to verify something to help another person, I noticed that the security logs for my Oculus account claim I'm currently logged in from a computer in Cedar Mill, OR, United States. The problem is that I've never been there. This was the only entry which seems suspicious. But when I selected "logo out everywhere", this entry did not log out. Nor will it let me do anything about it.
I'm working on changing my password due to this. And I already removed payment methods just to be safe. But I do kind of need to know, is this normal? Is this a sign someone else is accessing my account? What's going on here?
I just took a look at my security logs, I've got multiple accesses from Cedar Mill, Or, too.
I also see last year there were 3 logins from montreal, canada. I've never been there.
It might just be the location resolution software is messed up and its all fine.
If anybody wants to check, go to https://secure.oculus.com/my/security/
Some more info.
If you go to the Facebook security log instead of Oculus security log, you get all the same entries, but also ip addresses.
The Cedar Mill entries show up as "Unknown location". The IP address is actually an IPv6 address of 2a03:2880:27ff:e::face:b00c, owned by Facebook (Yep, Facebook IPv6 addresses end with face:b00c). The dns for it is fwdproxy-ldc-014.fbsv.net.
So it looks like the Cedar Mill thing is just what is returned when the address isn't known, it was actually Facebook.
Okay, that's a bit of a relief. I regularly change my passwords, which I create in Notepad via closing my eyes and typing randomly then capitalizing randomly chosen characters and deleting to fit if it's excessively long. I then save that notepad doc, which is kept on a USB stick I don't leave plugged in. I'm a bit paranoid and change all my passwords at least once a month, sometimes every 2 weeks. Yes, even the wifi preshared key.
Then again, I had my Sony Online Entertainment account hacked back in 2007. Fortunately it had been an idiot who didn't change the password or anything else. He then used his own credit card to buy Everquest 2 and all the expansions at the time. Along with 6 months of subscription time upfront. Amusingly, I am a packrat and still had (still have, actually) all the account creation keys from every MMO I bought in a store. Yes, even the ones that have gone belly up since I bought them. I got on the line with SOE customer support and proved it really was my account by being able to rattle those keys off for Everquest Platinum edition and Vanguard: Saga of Heroes.
Funny thing is, the guy who hacked my account called SOE customer support while I was talking with them, claiming his account got hacked. I had changed the password the second I saw an MMO I had never bought while going to renew Vanguard for the month. And the idiot happened to get the customer service rep I was talking to.