Getting hacked sucks = period. I hope someone addresses this as soon as possible.

I was reliably informed that a period is s somewhat worse ordeal than hacked sucks.

Pfft, your "reliable" source was surely a woman.

For GOG, yes this seems to be fairly new. Seems GOG's growth had some unexpected downsides i.e. now being a target for scammers, hijackers and their ilk. But Hijacking and selling accounts is nothing new, it used to be quite the issue on Steam, then on Origin, Humble and now GOG. My Origin account a few weeks back got hijacked and sold, got it back pretty easily since the moment the email address was changed I got a automated email from EA about it asking if I made the change and if not I could reverse it by clicking a simple link. Still have to try and get in touch with their suppourt to get the changed account security question changed so I can change my damn user name back.

Some say that's an oxymoron. I don't. It's a healthier opinion.

I just reseted my password and it does use email.

though luck

But can a hacker change the email first and then change the password??

This is the first I've heard of this. I just changed my password at Humble and was getting ready to here but then wondered, does that really do any good??? Are the hackers getting passwords and getting in or finding some other way in?

My memory sucks bad and I hate changing passwords and having to relearn/re-memorize them.

We live in a computer age and still need a pen and paper to write down all of our passwords on. Progress right there...


EDIT: BTW, to the OP (and others who have been hacked) how can you post here if you can't access your account? When I'm logged out, I also can't post here in the forums.

Is this becoming a big problem on GOG?

Are you using a randomly generated password? Particularly for a website that you perform financial transactions on...

Are you using a different password for every website? Particularly for the ones you perform financial transactions or store any financial information on.

Are you using a different password for your email address?

I hate to be "that guy" but it seems like the true commonality between hijacked accounts, GoG or otherwise, are lax security practices by the account holder. I'm not saying it's not possible that GoG's user database has been compromised, but the vast majority of these cases are easily avoidable mistakes like using the same password across different websites, or using security answers that anyone could get from stalking you on social media. Or giving dodgy websites/programs access to your account by logging in with your account credentials directly instead of a safer (but still not foolproof) method like 0auth or account tokens.

I use a password manager, I let that password manager generate long, random passwords for every website I visit, and I even use it to generate random gibberish for any security question answers I need to give. And as a final measure I activate 2-factor authentication whenever it's an available option. Whenever a website I'm a member of gets compromised, none of my other accounts are at risk because of it, and it takes just a minute to go in and change my password with a new randomly generated one so even when the thieves eventually crack the encryption, even my old password they now have will be useless.

LOL at the latter question. Just curious, how could you protect a password manager without an authentication system?

Anyway, I recommend KeePass because it's open source.

this post brings back memories of when my account was hijacked on another site and the person tried to spend my www.CHATURBATEFREECAMS.com credit lol

But you'll need the password manager for the random password generation... or another password manager that requires you to log on...

Oh, and is it safe?

Is tinyE the author of that?

I suppose it depends on the product but any decent password manager nowadays offer random password generation. The point is that you in the end always need at least one password which is usually called the master password. Of course, there are arguments against it since you are bundling it into one, large pile to acquire by hackers who after something of real value. Fortunately, open source and strong encryptions helps a long way. I believe KeePass allows the master password to be 64 symbols and you can even add a 2 factor authentication in the form a unique file that you keep on a USB-memory card or use specialized security keys like Yubikey.

If you want convenince where who offers Enterprise or Premium service (support is likely to be better than KeePass) then I recommend LastPass. It's not open source though.