i'm wonder if GOG is affected by this -> https://weakdh.org/ (it's way above my knownledge)

even the latest release of Firefox 38.0.5 (stable) is vunerable, in other hands IE11 (with the latest update) isn't...

If they got emails+passwords from GOG... wouldn't then there be much more hacked GOG accounts by now? If my account was hacked and password changed, I probably couldn't access the site at all with a web browser anymore, as I re-enter my email and account password each time (as i clear cookies etc. automatically when I exit Firefox).

I haven't used Galaxy since the closed beta. Already sent the ticket in, I do use humblebundle but my information for that is different than my current account. I'll Send a message to Firek.

Additional Information: Just did a full reinstall of Windows in the last 72 hours due to what I thought was a corrupt driver, may have potentially been a virus but I doubt it.

That's what I do too, but from what I read most people don't, and since they can coexist with the hacker, perhaps not many have noticed anything strange with their account yet?
And we don't know if the only incidents are those that have posted on the forum.

I don't know, it's all speculation right now.

I managed to get into the account from a computer I was still logged into, but I can't change any of the information back. I have a screenshot of the changed email.

Sorry to bump but I still haven't gotten an email confirmation for my ticket, any suggestions?

If you can't change your details back, presumably that's why you aren't getting e-mails.

I'm starting to get worried :(

I had to make a new account to make this thread/ticket. Last time I had to contact GoG I got an automated email response almost instantly.

Any further updates?

Nothing great, I made another ticket from the account itself, I'm still not getting any ticket confirmation to my email account. I'm guessing their system is swarmed due to the sale.

/bump

I've tried contacting GoG on Facebook and Reddit, still no response.

Yeah, in the words of the great Bart Simpson, "this both sucks and blows".

Does GoG have a system in place which adds say a 15 minute delay after 3 failed login attempts? That would help towards brute force attacks on weak passwords... As for identical passwords across sites, it's sorta common unfortunately, and i do recall several sites saying they were hacked on a shared server and it was recommended you change all your passwords.

Hmmm... I'm reminded when i worked at [s]insert business name here[/s]... It was required you change your password every 3 months and you couldn't reuse an older password. So i ended up appending to the base password, a few words at a time.

#1 Password
#2 Password_1
#3 Password_Just
#4 Password_JustAnother
#5 Password_JustAnotherWord
#6 Password_JUSTAnotherWord
#7 Password_JUSTANOTHERWord
#8 Password_JUSTANOTHERWORD

Hmmm... Can only remember the last one i used... Course i worked there 10 years ago, so yeah...

Guys, I would suggest not to visit the wishlist for the moment. There is a serious bug there, allowing anyone to insert arbitrary javascript code. That allows anyone to insert code that can possibly change your e-mail and/or password upon visiting a wishlist entry with a comment containing such a malicous piece of code without you noticing.
More info in this thread: https://www.gog.com/forum/general/so_this_is_interesting/page1 (better do not click on the wishlist link in that thread either)