HypersomniacLive: Does it matter if they're purchased with stolen credit cards? It's not like the purchaser forks out their own money, and any amount they make selling those gift codes is net profit.
Well, if the credit card data is connected to the GOG account....yeah I can see that. I didn't consider this, since I don't use CC.

edit: Turns out I can't read. :D So you are saying they might use an account to buy games with a stolen card. That's even worse than I imagined.
Post edited September 20, 2016 by Wurzelkraft
It seems like hackers are getting the passwords through brute forcing. GoG has just increased security again in response to the recent spate of attacks. reCaptcha is now required every single time I log in.
Post edited September 21, 2016 by tremere110
tremere110: It seems like hackers are getting the passwords through brute forcing. GoG has just increased security again in response to the recent spate of attacks. reCaptcha is now required every single time I log in.
Brute forcing passwords isn't too hard, especially when you can do thousands per second, although it's easier when you have a hash to decode. However for images, computers are bad at recognizing things unless they have an exact match/copy to compare against. A tiny bit of warping or change, grain, focus or the like and they can't identify anything.

I don't see an issue with reCaptcha for logging in, as I've stayed logged in for... a month or longer at a time, so I will rarely see it.
rtcvb32: Brute forcing passwords isn't too hard
Especially considering that most people use very simple passwords or dictionary words.
rtcvb32: Brute forcing passwords isn't too hard
Kleetus: Especially considering that most people use very simple passwords or dictionary words.
Either use a passphrase, or permutate the password using an algorithm, probably including hashes and encryption based on a master password.
rtcvb32: Either use a passphrase
Do you remember what our "passphrase" is in case we meet?
rtcvb32: Either use a passphrase
Kleetus: Do you remember what our "passphrase" is in case we meet?
Battery horse is correct?
You really shouldn't jest about a matter this serious, I thought you were better than that.
Kleetus: Especially considering that most people use very simple passwords or dictionary words.
rtcvb32: Either use a passphrase, or permutate the password using an algorithm, probably including hashes and encryption based on a master password.
I recommend using a password manager instead. You only need to remember ONE password and it'll remember all your passwords for you stored in an encrypted file. They make it so much easier to handle passwords 40+ characters long!

A good password manager will also create totally random passwords for you mixing upper and lower case letters, numbers and symbols. Brute forcing it would take forever; dictionary attacks wouldn't go anywhere.

If you need recommendations I've heard good things about KeePass, and I use Password Safe.
Post edited September 24, 2016 by joppo
rtcvb32: Either use a passphrase, or permutate the password using an algorithm, probably including hashes and encryption based on a master password.
joppo: I recommend using a password manager instead. You only need to remember ONE password and it'll remember all your passwords for you stored in an encrypted file. They make it so much easier to handle passwords 40+ characters long!

A good password manager will also create totally random passwords for you mixing upper and lower case letters, numbers and symbols. Brute forcing it would take forever; dictionary attacks wouldn't go anywhere.

If you need recommendations I've heard good things about KeePass, and I use Password Safe.
Yeah, I'm thinking of using something similar, possibly PWGen, although if there's a better one...

I remember using a password generator when I had some connections to AT&T where they mandated you had to change your password every month or something, and having the generator select the next password in the series (created by a master password) was nice, since it was copy/paste. Although at the time the generator was a plugin that FFv12 used. I kinda miss those days...

Anyways. and Password safe (https://www.pwsafe.org/)... I'll look if those are better fits.
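The two approaches discussed in the posts above (a manager generating random passwords, and a generator producing a series of passwords from a master password), as an added Python sketch that is not part of any post and not the code of KeePass, Password Safe or PWGen. The function names, the alphabet, the PBKDF2 parameters and the `gog.com` sample input are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

# 74 symbols: letters, digits and a conservative set of punctuation (assumed).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def random_password(length=40):
    """Manager-style generation: every character drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_password(master, site, counter, length=24, iterations=200_000):
    """Deterministic 'series' password: the same inputs always give the same
    output, and bumping `counter` yields the next password for that site."""
    salt = f"{site}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    # Rejection sampling: drop bytes >= 222 so the modulo below is unbiased.
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)
        block += 1
    return "".join(chars[:length])

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Search space of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words, wordlist_size=7776):
    """Search space of words picked at random from a Diceware-sized list."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    # Constructed sample inputs; never reuse these values.
    print("random 40 chars :", random_password(), f"{entropy_bits(40):.0f} bits")
    print("derived, month 1:", derive_password("sample master", "gog.com", 1))
    print("derived, month 2:", derive_password("sample master", "gog.com", 2))
    print("4-word passphrase:", f"{passphrase_bits(4):.1f} bits")
```

A derived password is never stronger than the master password it comes from, and guessing the master exposes every site at once. The randomly generated kind has no such link between sites, which is why it needs the encrypted store.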
joppo: I recommend using a password manager instead. You only need to remember ONE password and it'll remember all your passwords for you stored in an encrypted file. They make it so much easier to handle passwords 40+ characters long!

A good password manager will also create totally random passwords for you mixing upper and lower case letters, numbers and symbols. Brute forcing it would take forever; dictionary attacks wouldn't go anywhere.

If you need recommendations I've heard good things about KeePass, and I use Password Safe.
rtcvb32: Yeah, I'm thinking of using something similar, possibly PWGen, although if there's a better one...

I remember using a password generator when I had some connections to AT&T where they mandated you had to change your password every month or something, and having the generator select the next password in the series (created by a master password) was nice, since it was copy/paste. Although at the time the generator was a plugin that FFv12 used. I kinda miss those days...

Anyways. and Password safe (https://www.pwsafe.org/)... I'll look if those are better fits.
I heard good things about KeePass, especially. Give it a try.
And it's completely free, so even if you end up not liking the program, you didn't waste a cent on it.
Here is the official site: http://keepass.info/index.html
Post edited September 25, 2016 by almabrds
almabrds: I heard good things about KeePass, especially. Give it a try.
And it's completely free, so even if you end up not liking the program, you didn't waste a cent on it.
Here is the official site: http://keepass.info/index.html
Well from the looks of it, both KeePass & Password safe are not only open source, but on sourceforge.net.

I've already downloaded both packages and I'll give them a look over, although they seem more useful than PWGen just off hand.
cw8: Not sure what he wants.
He could be trying to steal your avatar, alter it slightly, apply it to his account, make funny comments, then log in as you and go around making jokes which aren't nearly as good, thereby establishing his superiority as The Supreme Sam Avatar.

Of course, that entire notion is ridiculous.
cw8: Not sure what he wants.
zeogold: He could be trying to steal your avatar, alter it slightly, apply it to his account, make funny comments, then log in as you and go around making jokes which aren't nearly as good, thereby establishing his superiority as The Supreme Sam Avatar.

Of course, that entire notion is ridiculous.
Joke's on him, since I'm not using the original Sam
I just had someone try to hack me a few hours ago, too! My first time!

"OS:
Windows 7
Browser:
IE 11.0
Estimated location:
Russia, Nizhniy Novgorod"

By far the most offensive part of this... Internet Explorer?!?!

Saved by two-step, thankfully, and password changed to something even more fancy. But just what is going on?!