Elmofongo: So in case you are wondering what's happened. The Email Address that I was using for this account was compromised. It was hacked and compromised such a way that I could not even log in to this website at all registering it as "User Not Found"

I had to make a new account with the name elmofong0 (and another older one with an older registration date) but I knew me making another account to contact the people of GOG in the forums here would help because I have been waiting since November 9th.

I just want to say despite how long it took it came through. And I thank the GOG Team for helping me in my time of need.

And I made this thread just to confirm that its still me.

Elmofongo: ...

tfishell: congrats, glad you were able to sort this out. enable 2FA?

Elmofongo: Yes. Does it come with sending a Authentication Code to your mobile phone?

tfishell: ah, seems it's email only. which I guess wouldn't have helped in your case would it :p sorry

https://www.gog.com/account/settings/security

well, I guess at least use a variety of passwords (probably goes w/o saying tho)

AB2012: Glad you got it back, Elmofongo. :-) I'll leave the same tip here I left on the other thread (not just for you but everyone) - Go into Orders & Settings -> Orders History -> click on the down arrow of a few games (ideally the oldest and some of the newest ones you bought) -> View Receipt and "print" it to PDF, then back up the PDF receipts somewhere safe. If you paid via Paypal, download a few matching Paypal receipts as the Invoice ID / Purchase Details includes the GOG Order number. This is stuff people only typically think about after they've been hacked but if you do it anyway, then if your account ever gets compromised in future you have some immediate proof of purchase to hand of what you bought, how you paid, etc on that account that can make dealing with support a little easier / faster. This is also not just specific to GOG, but is true of pretty much every online store.

As annoying as it has to not have one password for everything, most hacks aren't the account in question being "hacked" but rather a leak from another store for which the first thing the hacker will do is try the same password first on the e-mail account and then on all the major sites (Amazon, Steam, GOG, etc) hoping to get lucky that they're the same. E-mail based 2FA is useless if you share the password with anything else. It needs to be absolutely unique and unguessable.

Elmofongo: ....