Thanks, GOG --

Apparently, someone got access to my account and purchased a pricey title on my behalf. Luckily, you send out emails regarding purchases like that.

Whatever brain trust stole my credentials, they asked for it to be gifted to their account. I threw an email your way to get the charges to my card reversed. Please also turn over the 'giftee's' account to the authorities.

Thanks.

Hmm, So now they steal accounts and try to make gifts purchases to alt accounts to download the game and get away scott free... Interesting well now I know me not keeping my card info on accounts is the best thing I did yet.

I recommend everyone do the same thing as well to be just that little bit more safe on the web.

OP go and hit up GOG if they used money but if not don't keep anything if you do have it on the account. :/

Good work catching the unauthorised transaction, and for letting GOG know so that they can cancel the transaction before they get hit with a chargeback.

Might be a good idea to switch on two-step login.

Am I to assume the OP has his card stored with GOG because I can't figure out any other way someone else could do that.

Where's the entry for that? I can't seem to find the setting to remove it from my account. Maybe - I have no idea how someone got in - I'm changing passwords, changing all kinds of crap to fix this...

As far as I know, your credit card credentials are not stored on GOG, so I can think of only two ways someone got to use your credit card:

(1) Either you had enabled that payment token feature, in which case they didn't need to know anything about your credit card as it was authorised to allow transactions with GOG; all it took was access to your account.
(2) If it's not (1), then they got them some place else, also got access to your GOG account, and somehow managed to link everything together.

They can now. It's an option they started offering not too long ago.

Stupid question, but how the fuck do you steal a thread? :P

-Hey, I had a question about Titan Quest; where is the thread for it?

-Someone stole it!

I don't know. Maybe the Iroquis do.

No, they still don't store any credit card credentials. Just an option for GOG to keep a revocable token that works only for them, which is in some ways even safer than entering your CC number every time. But it should always be paired with two-step login, so that other people can't get into your account and buy games from there.

OH!
Well then it appears I'm an ignorant butthead! :P

So what else is new? XD

Nope, as Barefoot_Monkey already explained, it's case (1) in my previous post.


In his disturbed mind, everything's up for stealing on a forum, even a thread.

Is the OP sure they used his credit card? It's just as likely they used someone else's stolen card and gifted the key so they could sell it on a third-party site like G2A.

I apologize if this is a stupid question, but you HAVE already contacted support about this, right? Like, you haven't just made this thread assuming the staff will read it?