Posted June 06, 2015
groundhog42
New User
Registered: Apr 2012
From United Kingdom
DanielRuf
married =)
Registered: Apr 2011
From Germany
Posted June 07, 2015
Destro: No, we are not aware of any such vulnerability or any data leak. We do monitor our login servers and there is no brute force attack happening either. Keep in mind however, that:
- there were different malware apps pretending to be GOG Galaxy (see here for example: https://blog.malwarebytes.org/fraud-scam/2015/05/look-out-for-pups-claiming-to-be-gog-galaxy-client/).
- we have right now a great (record) influx of new users registering on GOG with the release of The Witcher 3: Wild Hunt. Combined with the fact that many users are reactivating their accounts for the game and promo that they haven't accessed for long time, we have times more active users than ever before = obviously more reports like that.
As long as you use a password that is considered safe (not trivial to guess and not used in any other service with the same email address) and have your computer 100% free and safe from malware and keyloggers or similar apps, then there is no reason to be worried in our opinion.
If we will have any updates on this topic, we will update you.
This topic is 6 hours old and today is bank holidays in Poland.
Also - this isn't any new topic - we're fully aware of it, and if we believed something was wrong, we would inform you...
BKGaming: While this is good news, it still doesn't mean that GOG shouldn't have better authorization here... perhaps before an email can be changed GOG should send the email a short 4 - 8 digit code that must be entered before the new email can be added?
This should help users at least be able to get their account back with a password reset. I also suggest a "log out everywhere" button where any instance of a user's GOG account being logged in is immediately kicked from the server to keep the account thief from being able to stay logged into your account.
Just a thought...
Does someone have the link to the VirusTotal analysis for me? It is good to send the sample password-protected to all vendors: http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm#Easily_Submit_Malware_To_All_Vendors
Already got it, thanks for the link
https://www.virustotal.com/de/file/2b1c506897fbc36afe7ef751585128e9d779e95e2cd88094c9140a711fb2bf2a/analysis/
Also sent it to all vendors of security solutions.
Post edited June 07, 2015 by DanielRuf
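BKGaming's suggestion quoted above (a short code that must be entered before the e-mail address can be changed), as an added Python example; it is not GOG's code or anything posted in the thread. The class name, the `send_mail` callback, the 6-digit length, the 10-minute lifetime and the 5-attempt limit are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600        # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5      # wrong guesses allowed before the request is dropped

class EmailChangeGuard:
    """Pending e-mail changes, each gated by a code sent to the CURRENT address."""

    def __init__(self, send_mail, now=time.time):
        self._send_mail = send_mail      # callable(address, text); hypothetical mailer
        self._now = now
        self._pending = {}               # user_id -> pending request

    def request_change(self, user_id, current_email, new_email):
        code = f"{secrets.randbelow(10**6):06d}"      # 6 digits from a CSPRNG
        salt = secrets.token_bytes(16)
        self._pending[user_id] = {
            "new_email": new_email,
            "salt": salt,
            "digest": self._digest(salt, code),       # never store the code itself
            "expires": self._now() + CODE_TTL,
            "attempts": 0,
        }
        # The code goes to the address already on file, not the requested one.
        self._send_mail(current_email, f"Code to confirm your e-mail change: {code}")

    def confirm(self, user_id, code):
        """Return the new address if the code is right, else None."""
        req = self._pending.get(user_id)
        if req is None:
            return None
        if self._now() > req["expires"] or req["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user_id]
            return None
        req["attempts"] += 1
        if hmac.compare_digest(req["digest"], self._digest(req["salt"], code)):
            del self._pending[user_id]
            return req["new_email"]
        return None

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()
```

Because the code is mailed to the address already on file, someone who only holds the password or a stolen session cannot move the account to a new address without also controlling the old mailbox.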
arturotuono
New User
Registered: Jan 2011
From United States
Posted June 07, 2015
UPDATE: I've regained control of my account. I'm still worried that the perpetrator has control of the account (if he/she didn't clear his cookies).
I've posted this elsewhere in other threads about hijacked or hacked accounts, but I thought I'd post this here as well.
We should try lobbying for two-step verification.
Here are some campaigns from the Community Wishlist section:
https://www.gog.com/wishlist/site#search=verific
DanielRuf
married =)
Registered: Apr 2011
From Germany
Posted June 07, 2015
arturotuono: UPDATE: I've regained control of my account. I'm still worried that the perpetrator has control of the account (if he/she didn't clear his cookies).
I've posted this elsewhere in other threads about hijacked or hacked accounts, but I thought I'd post this here as well.
We should try lobbying for two-step verification.
Here are some campaigns from the Community Wishlist section:
https://www.gog.com/wishlist/site#search=verific
Right, the cookies have a very long lifetime (some are valid until December 2020). This should not be the case.
Normally they should be revoked when the credentials are changed so all old and active sessions are not valid anymore.
Destro: No, we are not aware of any such vulnerability or any data leak. We do monitor our login servers and there is no brute force attack happening either. Keep in mind however, that:
- there were different malware apps pretending to be GOG Galaxy (see here for example: https://blog.malwarebytes.org/fraud-scam/2015/05/look-out-for-pups-claiming-to-be-gog-galaxy-client/).
- we have right now a great (record) influx of new users registering on GOG with the release of The Witcher 3: Wild Hunt. Combined with the fact that many users are reactivating their accounts for the game and promo that they haven't accessed for long time, we have times more active users than ever before = obviously more reports like that.
As long as you use a password that is considered safe (not trivial to guess and not used in any other service with the same email address) and have your computer 100% free and safe from malware and keyloggers or similar apps, then there is no reason to be worried in our opinion.
If we will have any updates on this topic, we will update you.
Also - this isn't any new topic - we're fully aware of it, and if we believed something was wrong, we would inform you...
Sure, your cookies have a very long lifespan. I see many things which can and should be improved.
Cyraxpt: Unless this hits the videogame media (or a big forum like neogaf) i don't think that we will hear an answer...
Destro: This topic is 6 hours old and today is bank holidays in Poland. Also - this isn't any new topic - we're fully aware of it, and if we believed something was wrong, we would inform you...
http://www.gog.com/forum/general/gog_please_give_us_a_statement_regarding_hijacked_accounts/post124
This is somehow a bit weird: http://www.plati.ru/itm/The+Witcher+3%3A+Wild+Hunt+%5Bgog.com+account+%2B+Specials%5D/1937640
Isn't this just 3 Euros? So they buy there username + passwords? Maybe stolen credentials?
Post edited June 07, 2015 by DanielRuf
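The session handling asked for in this thread (cookies with a bounded lifetime, sessions revoked when the credentials change, and a "log out everywhere" action), as an added Python example; it is not GOG's implementation. `SessionStore`, the 30-day cap and the `store_new_hash` callback are assumptions made for the illustration.

```python
import secrets
import time

MAX_SESSION_AGE = 30 * 24 * 3600   # assumed cap: 30 days, not years

class SessionStore:
    """Server-side sessions that die on expiry or when the user's epoch moves."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}    # token -> (user_id, epoch at issue, expiry time)
        self._epoch = {}       # user_id -> current session epoch

    def login(self, user_id):
        token = secrets.token_urlsafe(32)          # opaque cookie value
        epoch = self._epoch.setdefault(user_id, 0)
        self._sessions[token] = (user_id, epoch, self._now() + MAX_SESSION_AGE)
        return token

    def validate(self, token):
        """Return the user id for a live session, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, epoch, expires = entry
        if self._now() >= expires or epoch != self._epoch.get(user_id):
            del self._sessions[token]              # stale cookie: forget it
            return None
        return user_id

    def logout_everywhere(self, user_id):
        """Invalidate every session of the user, on every device."""
        self._epoch[user_id] = self._epoch.get(user_id, 0) + 1

    def change_password(self, user_id, store_new_hash):
        """Store the new hash, revoke all old sessions, return one fresh token."""
        store_new_hash(user_id)        # hypothetical persistence callback
        self.logout_everywhere(user_id)
        return self.login(user_id)
```

Validity is decided on the server at every request, so a cookie copied before the password change stops working no matter what expiry date the browser still holds for it.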
catpower1980
Hello World
Registered: May 2009
From Canada
Posted June 07, 2015
On the concurrents side, I just recovered my Guild Wars 2 account after not playing it for 2 years. It took 1 week to get it back through support and I was somehow pleased to see that a "connection confirmation" e-mail to "approve" my location was sent to me.
This system would suck for people travelling a lot but as the games are DRM-free, there is no need to connect to the net every time you want to play.
Now, let's get back into this MMO thing... :o)