Nirth: Also, since so many people get hacked surely the security vulnerability lies on GOG's side and not users
MaximumBunny: They keep on denying it and say it's just users using the same email/password on other sites. With all of the VBulletin hacks that's a possibility, but we know the site is pretty screwed up and that since the original coders left they've been unable to maintain it at 100%.
All we know is that it happens and it needs to stop happening. :P
If there were a true vulnerability, there would be far more than the trickle of complaints. Do you have any idea how many hashes have been taken? Do you have any idea how many people use the same password on every site despite better advice?
The number of complaints seem very consistent with poor password and/or computer security.
To get an idea, check this site out -
https://haveibeenpwned.com/
It tells me that someone named Nirth had his Email addresses, Passwords, and Usernames stolen from Gawker.
Furthermore, this would not be the first time someone has had his account stolen just to have game codes bought from it with a stolen credit card. You can credit sites like G2A for that...