It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
I am asking because I noticed the info on the support page that they are swamped right now and someone tried to reset the password of my account (which I cannot remember ever having happened before), so that of course worries me and I would like to get some official feedback and also advice on what to do next and not to do next in such a case.
Surely GOG has means to gather information to investigate this malicious activity, which strongly indicates some kind of attempt to hack the system/process.
Post edited October 23, 2021 by Dowlphin
No posts in this topic were marked as the solution yet. If you can help, add your reply
avatar
Dowlphin: I am asking because I noticed the info on the support page that they are swamped right now and someone tried to reset the password of my account (which I cannot remember ever having happened before), so that of course worries me and I would like to get some official feedback and also advice on what to do next and not to do next in such a case.
Surely GOG has means to gather information to investigate this malicious activity, which strongly indicates some kind of attempt to hack the system/process.
They're swamped with support requests, not attacks. I'd recommend running a virus scan immediately and after that, change your GOG password (even if the scan doesn't pick up anything). Furthermore, it wouldn't hurt to change the password you have on the email linked to your GOG account, just to be on the safe side. Definitely run the virus scan first, though, as if you have a keylogger, it'd just pick up whatever your new password is. Chances are it was an isolated incident (since it doesn't sound like your email was compromised) but it'd be better to be safe rather than sorry.
avatar
Dowlphin: I am asking because I noticed the info on the support page that they are swamped right now and someone tried to reset the password of my account (which I cannot remember ever having happened before), so that of course worries me and I would like to get some official feedback and also advice on what to do next and not to do next in such a case.
Surely GOG has means to gather information to investigate this malicious activity, which strongly indicates some kind of attempt to hack the system/process.
Well i guess checking https://haveibeenpwned.com/ to see if your Email address was part of a recent leak.
Also would recommend to enable 2FA for your GOG account via https://www.gog.com/account/settings/security - you can enable Two Step login there - then your account should be safe against unwarranted logins.
If your think your actual email address was compromised / hacked change the password from another device like your phone and check your PC/Laptop with a secondary Anti Virus like for example Malwarebytes.

In general actually i think GOG support wont be able to assist you that much with that matter as everyone having your email address could try to trigger a passwort reset if they guess you have a GOG account (so it can be pretty random and not part of another bigger activity)
avatar
Dowlphin: I am asking because I noticed the info on the support page that they are swamped right now and someone tried to reset the password of my account (which I cannot remember ever having happened before), so that of course worries me and I would like to get some official feedback and also advice on what to do next and not to do next in such a case.
Make sure two-factor authentication is enabled on your GOG account, and that your email account password is different from your GOG account password (or any other password you use for that matter), or use two-factor authentication also on your email account, if possible.

After that you should be able to sleep your nights peacefully. Sure you can change your GOG and email passwords as well, just to be sure.

All the password reset attempt means is that someone is aware of the existence of your email address, and is probably blindly trying it on various online services, possibly with random passwords, or sending those email reset requests blindly (not sure why, as they can't change the password unless they have already hijacked your email account).

The internet is full of scammers and bots constantly trying to find security holes in systems and services, no surprise there. Just open (or forward) the port 22 on your router and run a ssh service on your home PC, and quite soon you can see there are constant connection attempts to that port (probably from somewhere in China and/or Russia), trying to log into ssh by blindly trying different username/password combinations. In Linux you can easily track that with the lastb command which shows you all the failed connection attempts.
avatar
JakobFel: They're swamped with support requests, not attacks. I'd recommend running a virus scan immediately and after that, change your GOG password (even if the scan doesn't pick up anything). Furthermore, it wouldn't hurt to change the password you have on the email linked to your GOG account, just to be on the safe side. Definitely run the virus scan first, though, as if you have a keylogger, it'd just pick up whatever your new password is. Chances are it was an isolated incident (since it doesn't sound like your email was compromised) but it'd be better to be safe rather than sorry.
That's what I meant, that maybe they are swamped because many people are reporting these attempts. - But I guess it would be unusual not to have swamped support in these times, hah.
I specifically won't just do the things commonly kneejerk-advised because that might be part of the exploit attempt.
I also am quite IT-security aware, and whenever I had even the slightest suspicion that in the most unlikely case I had malware on my system, that was not the case.
This also is limited to GOG. No other 'attack vector'.
avatar
TT_TT_TT_TT: Well i guess checking https://haveibeenpwned.com/ to see if your Email address was part of a recent leak.
Also would recommend to enable 2FA for your GOG account via https://www.gog.com/account/settings/security - you can enable Two Step login there - then your account should be safe against unwarranted logins.
If your think your actual email address was compromised / hacked change the password from another device like your phone and check your PC/Laptop with a secondary Anti Virus like for example Malwarebytes.

In general actually i think GOG support wont be able to assist you that much with that matter as everyone having your email address could try to trigger a passwort reset if they guess you have a GOG account (so it can be pretty random and not part of another bigger activity)
That check website is pure cringe to me, and even something that bothers me way too often, keyword expert idiots. In their FAQ they keep talking about how very devoted they are to make every step of the process in the spirit of privacy protection and data security and then in most cynical tragicomedy they mention that they are using Google Analytics on their site!

And I have 2FA activated already, and kudos to GOG for doing it in a way that is actually feasible for everybody and not pushing/coercing for mo'bile - the effective global ReallD.

And GOG support should take these things seriously and at least look at the information gathered about the source of the attempt because this could be an attempted cybercrime, and having a general idea about where the attempt came from could be helpful in future security conduct on both ends.
Post edited October 24, 2021 by Dowlphin
Just had a reset email come through this morning...Whoever did it didn't try and access my account here first just a password reset.

Could be coincidental, but might be worth looking at on GOG's end considering I haven't used GOG in nearly four years now.
avatar
Dowlphin: And GOG support should take these things seriously and at least look at the information gathered about the source of the attempt because this could be an attempted cybercrime, and having a general idea about where the attempt came from could be helpful in future security conduct on both ends.
I am unsure what GOG could really do about it.

They can check which IP address those connection attempts come from and report that to the ISP's abuse contact address... but that probably doesn't change anything especially if the ISP is in China or Russia.

They could block the IP address where those connection attempts come from... but that is quite ineffective as the evildoer will just change the IP address. Plus, GOG can't be sure legit users aren't trying to log from that IP address well, if it is behind a proxy with lots of users connecting with the same public IP address.

Locking GOG accounts after three or five or ten failed connection attempts would be a bad idea as well because then the evildoers could lock all the GOG accounts with mere failed login attempts.

Also, since the evildoers can't really access the 2FA-secured GOG accounts anyway even with a unless they have also successfully hijacked the email account as well, there isn't much of incentive or even point for GOG to use resources on trying to "catch" the people sending email reset requests.


MAYBE one thing GOG could do was to add the information on the password reset email that from which IP address the request came from. Then the user can do whatever they want with that information, like contact the support of that ISP that one of their users is trying to log into their GOG account.
Post edited October 24, 2021 by timppu
avatar
ExitiumMachina: Just had a reset email come through this morning...Whoever did it didn't try and access my account here first just a password reset.

Could be coincidental, but might be worth looking at on GOG's end considering I haven't used GOG in nearly four years now.
I just got a response from support and it is not an isolated incident but a 'current wave'.
So no need for others to write to support, too.
They also said they cannot provide any info about the attacker (probably for legal reasons) but are taking care of the issue.
As mentioned by our support team, this is not an isolated case. Our Security Team is aware and taking appropriate steps. Please make sure your 2FA is activated. You can also change your current password just in case.

I will let you know of any updates.