Hi,

Since the 18th of August, a hacker got into my account (somehow guessed my password) and has been using it ever since (over 50 hours of gameplay in The Witcher 3 already). I contacted GOG support and they helped me to get a new password so I could access my account again and change the password.

Unfortunately, GOG Galaxy seems to have some kind of autologin, it logs in as soon as you open Galaxy without asking for your email and password (Even though it was changed!). For that reason, I am the only one who knows my password, so the hacker cannot change it again, but he is STILL ABLE TO ENTER Galaxy and access my library.

I want to get rid of this hacker, and get back my private account, so that only I can play the games I paid for. So my question is: Is there any way to force him to logout from my account in GOG Galaxy so that he is required to enter the password when he opens Galaxy the next time? I guess he will still be able to play The Witcher 3 offline, but at least we won't be able to steal any other games from me.

Thank you!

This might be a weapon of last resort, but you could try uninstalling and reinstalling Galaxy to boot him out.

Uninstalling GOG Galaxy on my PC here in Spain will boot this Russian guy out? I'm gonna try that right away, just in case! Thanks!

has anyone with more than 2 rep been hacked?

Ok, I already uninstalled, and reinstalled Galaxy, Hope it works! Hmm I don't really know what do you mean :/

That was for everyone else, don't worry about it. :P

not me. then again i don't use galaxy or play witcher games. maybe it's a galaxy vunerability? or are witcher gamers/ "new users" more likely to install keyloggers on their computers? that or easily guessed passwords like "fuck1234", or some of them bought "fake" accounts from scammers.

and nah... scammers are good people, otherwise they would de-rep me!111

Either way a problem that needs fixed.

Well that's a bit worrying if that auto login with no credentials required thing is accurate. That means he can just use your account endlessly, and not to forget abuse your credit card info to just buy games through the client (assuming that's possible with stored CC info).

Even though my login details are fairly complex, I really hope we get 2-factor authentication. I don't know why it's not already the standard here on gog.com. Not only does it give peace of mind, it also makes sure stuff like this doesn't happen.

As a side note, I find it really weird that gog.com hasn't plugged the hole or been able to log him out remotely or whatever.

I hope the re-install thing works for you.

I suppose using paypal might be a good idea to a point.

Thank you for your help guys, appreciate it :)

I have no idea how this guy managed to do it, but I changed the password and he has not been able to change it back anymore, so maybe I am "safe" now.

Luckily, my credit card data is not stored! (That's the first thing I checked haha)

Exactly, as Jinxtah says, it is weird that the support team could not log this guy out and force him to enter my password in order to access my account again... The last time I received an email from them was a week ago, and they havent answered a couple emails I sent afterwards, I even created a new ticket, but still... Hope someone from GOG staff checks this thread and help me!

By the way, I guess that it is possible for this guy to see this thread and edit my posts, as this is accesible from Galaxy too...

Sure, and I do use paypal personally, but I imagine not everyone has a paypal account, and even if they do, some might not be using it here.

Obviously but it is better than putting in your bank details if you know what I mean. I'd rather have an extra road block in their way.

Probably - though its more likely they are accessing your account from a browser as prior users that have been hijacked have reported the only way they could post via their own account was from their browser (having not cleared the cache etc). So, I'd guess thats whats happening here. No expert though.

Well, you could always use the secret password: "Ding-a-dang-a-dong my danga-langa-ding-dong!"


Oh... shit!

The attacker may still be using the same active session. I agree about the 2-factor auth.