Good day,

So last night my account was hacked.

I got the email saying my email address was changed.

So now I have no access to my account at all. I have logged a ticket via the contact us function, but based on turnaround times for this I am worried.

Also I am truly alarmed at how the change of email is handled. It just allows the change? Why not make the response email a verification one? "Hi, we see you want to change your email address. Click here if this is you."

The whole thing can be avoided just by that.

As much as I love GOG and CD Projekt this worries me.

I am now skeptical when it comes to using this site :(

We need better security here.
People have been calling GOG out on their lack of security for quite some time already but they still have quite a ways to go.

Long as they recover for you it shouldn't be too bad. Though I hope they've gotten beyond the 'We've recovered your account, it's now back to the original password (you know, the one that was apparently breached...)' stage
Post edited September 06, 2015 by Pheace
StefanFrost: Also I am truly alarmed at how the change of email is handled. It just allows the change? Why not make the response email a verification one? "Hi, we see you want to change your email address. Click here if this is you."
With as much spam as there is done via email, some people have several emails, some create a new throw-away email address that they will use for short time. And then once in a blue moon, a service is removed entirely, or they lose all access to their original email address, usually via forgetting password. (Easy to do, set to auto-remember on your browser, have a huge crash on your computer, new computer has no password).

But I agree, having an email notification where you can dispute the change would be preferred, or the changes don't take effect unless you verify you want them done... At which point a second unrelated service to do that (phone call or something) seems totally reasonable.
StefanFrost: Also I am truly alarmed at how the change of email is handled. It just allows the change? Why not make the response email a verification one? "Hi, we see you want to change your email address. Click here if this is you."
rtcvb32: With as much spam as there is done via email, some people have several emails, some create a new throw-away email address that they will use for short time. And then once in a blue moon, a service is removed entirely, or they lose all access to their original email address, usually via forgetting password. (Easy to do, set to auto-remember on your browser, have a huge crash on your computer, new computer has no password).
In that case you would have to go through support, which is exactly like it should be handled. Not having some form of two-factor authentication is a disgrace...
Good luck to OP for getting his account back in a timely manner!
And ya, that thread needs to stay bumped, as they really have to introduce a change-of-email confirmation check or, if that is for some very weird reason unknown to us very hard for them to implement, at least a delayed change of email, e.g. that change of email takes 72 or 96 hours by default.
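
The two mitigations proposed in this thread (a confirm/dispute link mailed to the current address, and a default 72-hour hold on unconfirmed changes), sketched as an added example that is not part of any post and not GOG's code. The class, method names and in-memory account store are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass

HOLD_SECONDS = 72 * 3600  # hold period suggested in the thread (72 or 96 hours)

@dataclass
class Pending:
    new_email: str
    token_hash: str      # only the hash is stored; the token goes to the OLD address
    effective_at: float

class EmailChangeGuard:
    def __init__(self, accounts):
        self.accounts = accounts   # user -> current e-mail (constructed store)
        self.pending = {}          # user -> Pending

    def request_change(self, user, new_email, now):
        """Record the request without changing anything. Returns the token that
        would be mailed to the current address with confirm/dispute links."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user] = Pending(new_email, digest, now + HOLD_SECONDS)
        return token

    def _token_ok(self, user, token):
        p = self.pending.get(user)
        if p is None:
            return False
        digest = hashlib.sha256(token.encode()).hexdigest()
        return secrets.compare_digest(digest, p.token_hash)  # constant-time compare

    def confirm(self, user, token):
        """Owner clicked 'this was me' from the old mailbox: apply at once."""
        if not self._token_ok(user, token):
            return False
        self.accounts[user] = self.pending.pop(user).new_email
        return True

    def dispute(self, user, token):
        """Owner clicked 'this was not me': drop the request."""
        if not self._token_ok(user, token):
            return False
        del self.pending[user]
        return True

    def apply_due(self, user, now):
        """Unconfirmed, undisputed requests take effect only after the hold."""
        p = self.pending.get(user)
        if p is None or now < p.effective_at:
            return False
        self.accounts[user] = self.pending.pop(user).new_email
        return True
```

The hold path covers the case raised above where the user no longer has access to the old mailbox: the change still goes through, but only after the owner has had the full window to dispute it.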