Account was hacked yesterday by someone in Denmark while I was out of the house doing shopping.

0 access was given to the hacker via my emails since it would require a message to my mobile for them to log in.

My issue here is that just by knowing my password he was able to change my email and password without first sending a link to my email confirming whether or not I give permission for it. This is unacceptable and I don't know of any other company that has as little account security as GOG do right now.

Obviously I have contacted support about the issue with no reply yet.

If you guys actually do something about 2 step verification or even sending a link to the account's email that has to be clicked in order to bring up a page to change the password / email, like every other company does, this can be avoided very easily in the future.

My other worry is how did they even get my password? It's a random letter / number combination in the first place that would take a supercomputer years to figure out. My computer is not infected in any way since all of my other accounts like Steam / Battle.net / Origin / Uplay / emails are all unaffected, so something is very wrong.

I am currently posting this from my account because I am still logged into it but cannot change anything about it (password / email since I don't know what he changed it to).
Post edited June 19, 2015 by supernoodles2011
Maybe he used some sort of Man-in-the-middle
supernoodles2011: Account was hacked yesterday by someone in Denmark while I was out of the house doing shopping.

0 access was given to the hacker via my emails since it would require a message to my mobile for them to log in.

My issue here is that just by knowing my password he was able to change my email and password without first sending a link to my email confirming whether or not I give permission for it. This is unacceptable and I don't know of any other company that has as little account security as GOG do right now.

Obviously I have contacted support about the issue with no reply yet.

If you guys actually do something about 2 step verification or even sending a link to the account's email that has to be clicked in order to bring up a page to change the password / email, like every other company does, this can be avoided very easily in the future.

My other worry is how did they even get my password? It's a random letter / number combination in the first place that would take a supercomputer years to figure out. My computer is not infected in any way since all of my other accounts like Steam / Battle.net / Origin / Uplay / emails are all unaffected, so something is very wrong.

I am currently posting this from my account because I am still logged into it but cannot change anything about it (password / email since I don't know what he changed it to).
There has been a small increase in "hacked" accounts lately, but it appears that any actual security compromise was not on GOG's end. The most likely scenario (at the moment) is that some other website was compromised and the passwords from that site were also used here. GOG did just implement an e-mail confirmation system (yesterday), but if your account was taken before then, it doesn't really help you. So far, most of the accounts hacked have been taken by people using .ru e-mail addresses and some have actually been sold to the account squatters by an unknown third party. Additionally, quite a few of the stolen accounts are lapsed or non-active users, so when the theft of the account actually took place is a little unclear, since some of these accounts might not have been accessed by the real account owner in weeks, months or even years.

Long story short, your complaints are both valid and have been addressed, just not in time to prevent any hassle for you.
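The safeguard discussed above (a password alone cannot move an account to a new e-mail address until a link sent to the current address is confirmed), sketched as an added example; it is not GOG's implementation and not code from any poster. `AccountStore`, its methods, `TOKEN_TTL` and all addresses are hypothetical, constructed for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900  # seconds a confirmation link stays valid (assumed value)

class AccountStore:
    """In-memory stand-in for an account database (hypothetical)."""
    def __init__(self):
        self.accounts = {}   # user -> {"email": ..., "pw": ...}
        self.pending = {}    # sha256(token) -> (user, new_email, expires_at)
        self.outbox = []     # (recipient, token): stands in for sent mail

    def add(self, user, email, password):
        self.accounts[user] = {"email": email, "pw": self._hash(password)}

    @staticmethod
    def _hash(password):
        # Placeholder only: production code needs a salted KDF (scrypt, argon2).
        return hashlib.sha256(password.encode()).hexdigest()

    def request_email_change(self, user, password, new_email):
        acct = self.accounts.get(user)
        if not acct or not hmac.compare_digest(acct["pw"], self._hash(password)):
            return False
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # store hash, not token
        self.pending[digest] = (user, new_email, time.time() + TOKEN_TTL)
        # The link goes to the CURRENT address, never to the requested one.
        self.outbox.append((acct["email"], token))
        return True

    def confirm_email_change(self, token, now=None):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)   # single use: removed on first try
        if entry is None:
            return False
        user, new_email, expires_at = entry
        if (now if now is not None else time.time()) > expires_at:
            return False
        self.accounts[user]["email"] = new_email
        return True

def demo():
    store = AccountStore()
    store.add("alice", "alice@old.example", "reused-password")  # constructed data
    # A request made with only the password leaves the address unchanged.
    store.request_email_change("alice", "reused-password", "other@new.example")
    unchanged = store.accounts["alice"]["email"]
    recipient, token = store.outbox[-1]
    return (unchanged, recipient,
            store.confirm_email_change(token), store.confirm_email_change(token))
```

Until `confirm_email_change` succeeds, the account keeps its original address, so password recovery still reaches the real owner.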
supernoodles2011: Account was hacked yesterday by someone in Denmark while I was out of the house doing shopping.

0 access was given to the hacker via my emails since it would require a message to my mobile for them to log in.

My issue here is that just by knowing my password he was able to change my email and password without first sending a link to my email confirming whether or not I give permission for it. This is unacceptable and I don't know of any other company that has as little account security as GOG do right now.

Obviously I have contacted support about the issue with no reply yet.

If you guys actually do something about 2 step verification or even sending a link to the account's email that has to be clicked in order to bring up a page to change the password / email, like every other company does, this can be avoided very easily in the future.

My other worry is how did they even get my password? It's a random letter / number combination in the first place that would take a supercomputer years to figure out. My computer is not infected in any way since all of my other accounts like Steam / Battle.net / Origin / Uplay / emails are all unaffected, so something is very wrong.

I am currently posting this from my account because I am still logged into it but cannot change anything about it (password / email since I don't know what he changed it to).
You'll be interested in This Post.
I feel as if I am going to have the unfortunate luck of losing my account since the support replied and is requesting a CD key from me.

My issue is it was a key that I redeemed on the Nvidia website for buying an Nvidia 970, to which I literally just copied the code Nvidia gave me and pasted it into my GOG account like any normal person would do.

I decided against saving a copy of my key since I really didn't expect the service to have such bad security naturally.

I mean, I have provided information of my email, which was the email used since day one on the account, plus my order number and the date I redeemed the key, not to mention I live in England and the new email / password was changed in Denmark. Surely that is enough proof something is wrong.
supernoodles2011: I feel as if I am going to have the unfortunate luck of losing my account since the support replied and is requesting a CD key from me.

My issue is it was a key that I redeemed on the Nvidia website for buying an Nvidia 970, to which I literally just copied the code Nvidia gave me and pasted it into my GOG account like any normal person would do.

I decided against saving a copy of my key since I really didn't expect the service to have such bad security naturally.

I mean, I have provided information of my email, which was the email used since day one on the account, plus my order number and the date I redeemed the key, not to mention I live in England and the new email / password was changed in Denmark. Surely that is enough proof something is wrong.
Send a reply pointing this out, if you haven't done so. Perhaps they'll come up with a better plan for proving you're you.
cogadh: GOG did just implement an e-mail confirmation system (yesterday)
Really? So soon?? I'm shocked! :O
supernoodles2011: I feel as if I am going to have the unfortunate luck of losing my account since the support replied and is requesting a CD key from me.

My issue is it was a key that I redeemed on the Nvidia website for buying an Nvidia 970, to which I literally just copied the code Nvidia gave me and pasted it into my GOG account like any normal person would do.

I decided against saving a copy of my key since I really didn't expect the service to have such bad security naturally.

I mean, I have provided information of my email, which was the email used since day one on the account, plus my order number and the date I redeemed the key, not to mention I live in England and the new email / password was changed in Denmark. Surely that is enough proof something is wrong.
Coelocanth: Send a reply pointing this out, if you haven't done so. Perhaps they'll come up with a better plan for proving you're you.
Yeah, I hope so. Sadly, if there were safeguards in place originally I wouldn't be in this situation =/ What makes it harder is everything is electronic; I would prefer talking to someone over the phone any day.
Good news is my email has now been set back to my original and I was able to change the password again :)
supernoodles2011: Good news is my email has now been set back to my original and I was able to change the password again :)
Cool! :)
(f**k those hackers)
Post edited June 25, 2015 by phaolo
supernoodles2011: Good news is my email has now been set back to my original and I was able to change the password again :)
Advice: change your email or use an email redirector, not just the password. If you're more paranoid than me, change the email for any other internet services / accounts that use the same email address, or cancel/delete them if they're unimportant.
Yeah, I changed it to my Gmail :)