So new to GOG here. Got a code for Witcher 3 and downloaded the game and played a bit. I used the Galaxy client. Now today I come back to play and find out me username does not exist anymore. Because I can still log in to the web site (cookies I suppose) I can see that the email associated with my account has changed without my consent. Not cool. I placed a support ticket but no response yet. Is there a phone number one can call? This is very troubling

Support is probably swamped right now with the sale going on. Give them a bit of time and they'll get to you, but don't submit another ticket, as this just drops you to the bottom of the queue. One avenue of approach you might try is to send a Chat message tio one of the blues (GOG employees) here (Ciris or Judasiscariot or any other one you may see posting here) and maybe they can bump you up in priority.

Unfortunately, this seems to be a somewhat common issue, but GOG seems to sort it out pretty quickly when it's reported.

On the page for submitting a support ticket, the e-mail address from your account will be pre-filled. You can change that, however. The address entered when you submit the ticket will be the one GOG responds to, so make sure it's one you have access to.

i'm starting to question, if this could be some kind of anti-galaxy campaign made by steam?

It seems like you have still access to your gog-account. Why don`t you change your e-mail now? But don't forget to change your password too.

I doubt it, but the occurrence of all these overtaken accounts interests me. I would like to know what they all have in common so that we all can offer the suggestion "don't do this". Can't. The password is changed so they can't change the e-mail or password, but the cookie is still valid so they can access the site through the account (because they didn't log out last time they visited, the session is still open through that browser because it has a valid session token: the cookie).

It's interesting indeed, as it was said accounts were not 'brute forced' there has to be some common reason.
Last time it occurred, our fellow victim didn't dl his galaxy installer in a shady place.
At least one victim had his account since 2013.
One common point is that victims are not forum squatters (which is statistically likely to be expected).

Well, little conundrum we have here.

yes. correct. password was changed as well so I can't change my password either.

There have been numerous reports of hacked account recently, though I'm not certain if its to do with GOG or more to do with password selection / brute force attacks.

Can I ask if you used the same password you signed up at GOG with on other gaming-related websites? I have a suspicion that some of these hacked accounts may be due to repeat use of passwords that may have been farmed from a compromised server that may not be associated with GOG directly. Also, if it is a repeat password, I would highly advise you use a password manager software and change any passwords and logins which you might have used the same password for, instead setting unique, random, long passwords for every site you have an account with.

And one allegedly hadn't used Galaxy at all, if I remember correctly.

I'm starting to think that there are too many loopholes in Galaxy's code even inexperienced hacker wannabes can pick. I also can't get why they use .ru domens > there is gmail for your sake! Stupid-stupid Russians! ;(

From what I recall from another thread, someone was selling compromised accounts, though he may have been presenting them as his. So person A buys an account, so they do add their email to the account, not a throwaway one.

that might be indeed a reason why sometimes accounts get hacked easily: re use of the same pw for every online site, i think users think that because its on a completely differnt site, it is safe to use the exact same pw they use.

So that why i always wonder why some online (browser) games are using 1 password to access all our games.
Example: gameforge dot com uses or used similar: if you have x number of games you play online you would be able to benefit from it.

I always wonderd how it works lets say you have 8 games on GF, and its accesable using one login(with pw ofcourse)
what would happen if a fisher got the pw of the main account that allows you to access your other games.

Normally you would have 8 different passwords for each game, so i assume that using that one login you will get a menu from which you can choose what game to play, how will it work? will you be logged in automatically?( that would be unwise) or do you still need to enter the pw? i assume thats the way it has to be done, otherwise phishers would have a real good time.

I had some GF browsergames in the past, but i never used that 1 account to access all your games :D

And the link danger: i saw something about phishing on steam theres a vid on it on youtube, apparently it tell that there might be accounts that do bad things using funny links, its all very complicated, but basically they are saying becarefull what you click, check the url, and be carefull with random requests for friends or so on steam,

Anyways its still strange that a big company like steam cant prevent form fake/bot accounts signing up and do bad things to unaware users (mostly younger ones i guess cause in the gameforums i visited it were mostly younger
members whos account got 'compromised' and they lost access).
Nowadays you have to be extremely carefull online.

I'm not linking linkies, just google "купить аккаунт с ведьмаком" (buy account with witcher).

And yes, I'm completely baffled why is that even a thing. The DRM-free version is out there on torrents for free and yet Steam accounts sell for $4. I can understand demand for Steam codes that people might want to redeem into their collections on the cheap, but why on earth would anyone want to pay for someone else's Steam account (considering scammers remove any liquid extras from it before a sale)? It's like wearing someone else's dirty underwear. Eww.

doesn't make sense. cookie login session should expire after a while, and/or store the password. if your password changed, you shouldn't be able to login at all.