Today I had a very nasty surprise. When I woke up I opened up an internet browser to go and see what new things GOG had in store.
I was logged out, and when I TRIED to log back in, it said that my password was not valid.

It very well might have been invalid, it was very early in the morning, but after time and time again, I decided to reset my password. That would work!

It was a very nasty surprise that when I checked my email, THERE WAS THIS MESSAGE

Hi Luisfius, your e-mail address was changed
This is a confirmation, that the email address associated with your GOG.com account Luisfius (witcherebay123@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: witcherebay123@gmail.com
Previous email address: luisfius@gmail.com

IP Address: 85.64.84.212
OS: Windows 7
Browser: Firefox 39.0
Estimated location: Hadera, Israel

What?
Someone from Israel stole my account?
And changed my email?
That is not a GOOD THING!

I have sent emails to support but since going to work I have not received a single response yet.
This is the only response so far: "Your support request "Someone stole my account!" has been received. It has been assigned ticket number 8AS25JO4."

It seems like I was still logged on to the forums due to the cookie. Will see if I can reset my email from here. If not, well, I hope that support comes through soon because this IS very worrisome.


Edit: What the fuck, it says I am in Malta. I am certainly not in Malta.
Post edited July 21, 2015 by Luisfius
Luisfius: stolen acct
Damn I hope this gets fixed, not cool at all. I changed my pws just in case too. I know Luis from other communities, he's most certainly not from Malta or Israel. I dunno how this can even happen.
GOG Galaxy seems to be cookied there. THESE ARE NOT MY DETAILS AND I CANNOT CHANGE THEM.

http://i.imgur.com/7nP4NDt.png
Luisfius: GOG Galaxy seems to be cookied there. THESE ARE NOT MY DETAILS AND I CANNOT CHANGE THEM.

http://i.imgur.com/7nP4NDt.png
Don't worry, you will not lose anything!

What you can try to do, is if you see a blue one (means GOG-staff) online, start a chat with him and let him know, this problem they normally try to resolve first.

Unfortunately, you have to hunt them down manually.

Did you include the email sent from GOG into your trouble ticket?

EDIT:

Post from Ciris:

http://www.gog.com/forum/general/account_hacked/post82

http://www.gog.com/forum/general/increasing_login_security_recaptcha/post1
Post edited July 21, 2015 by Goodaltgamer
Luisfius: snip
There has been a rash of these incidents reported recently; in many cases GOG support has been able to restore account access to the correct individual. You might have to wait a little until they are able to catch up with their support tickets, but with a little patience it seems most users are able to get their accounts back.

This is the first I've seen of an established GOG member having their account hijacked, though. Usually it has been zero rep folks who are new to GOG who have had their accounts compromised. May I ask, do you use the same password across multiple sites? If so, I highly suggest you change your passwords and begin using a password manager to make random, unique, long password chains for all your different site logins. I'm not sure if the high number of stolen GOG accounts of late is necessarily guessed password related from another site's compromised database or from some other vector, but basic password security best practices are a must these days in any case, as there are so many small websites that have poor security practices and all it takes is one of those sites to get compromised for your email/password combo to fall into a bot script and be tried against a multitude of site logins.
Luisfius: Hi Luisfius, your e-mail address was changed
This is a confirmation, that the email address associated with your GOG.com account Luisfius (witcherebay123@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: witcherebay123@gmail.com
Previous email address: ***@gmail.com
You should not leave your e-mail address like this in the open, spambots *love* this kind of thing ;)
Umm, this is becoming a real pain seeing things like this. As the.kuribo already stated, this is a bit of a concern for security threats and it's the inconvenience that comes with it.
Luisfius:
My condolences.

While waiting for support, why not email the "culprit" at witcherebay123@gmail.com? Perhaps if you ask nicely, he will return you your account (i.e. change the email to yours and tell you the password). What have you got to lose?
Post edited July 21, 2015 by mrkgnao
Luisfius:
mrkgnao: My condolences.

While waiting for support, why not email the "culprit" at witcherebay123@gmail.com? Perhaps if you ask nicely, he will return you your account (i.e. change the email to yours and tell you the password). What have you got to lose?
Anyone shady enough to just snake someone's account is almost certainly not going to feel inclined to just give it back for any reason. They might think it's funny and get insulting, which only gains hurt feelings. There is even a chance to get into a word war over it with them and have them feel you are worth taking a personal interest in. There are some people you don't want taking a personal interest in you. People that snake people's things are more likely to be those people.

And is there a good reason someone wants to account jack a GOG account? Is it just for Galaxy support, because it's not like all the games aren't just hanging out on pirate sites to be had if someone is into that sort of thing.
Post edited July 21, 2015 by gooberking
So would now be a good time for everyone on GOG to start changing their passwords?
My password is really easy to guess.

No, really, that's the password. "really easy to guess."
mrkgnao: My condolences.

While waiting for support, why not email the "culprit" at witcherebay123@gmail.com? Perhaps if you ask nicely, he will return you your account (i.e. change the email to yours and tell you the password). What have you got to lose?
gooberking: Anyone shady enough to just snake someone's account is almost certainly not going to feel inclined to just give it back for any reason. They might think it's funny and get insulting, which only gains hurt feelings. There is even a chance to get into a word war over it with them and have them feel you are worth taking a personal interest in. There are some people you don't want taking a personal interest in you. People that snake people's things are more likely to be those people.

And is there a good reason someone wants to account jack a GOG account? Is it just for Galaxy support, because it's not like all the games aren't just hanging out on pirate sites to be had if someone is into that sort of thing.
I remember seeing a thread reporting one of these hijacking incidents where the victim contacted the perpetrator via email and they apologized, saying they did not know the account was stolen, and then actually returned control of the account to the victim. So it may be possible, as the perpetrator might not want to cause so much duress that they then be actively investigated.

As for the why, it seems that GOG accounts are being sold on the Russian black market for some reason as per some posts I've read on the subject in the GOG forums. It seems like they are maybe just advertised as a "legitimate" way of getting a game, for those who are not knowledgeable about piracy or are gullible enough to believe that what they are purchasing is legit.

noncompliantgame: So would now be a good time for everyone on GOG to start changing their passwords?
Only if you use the same password somewhere else too. And again, it may not necessarily be a vulnerability in GOG, but a vulnerability in some other site in which you use the same login/password combination. It's hard to tell what the reason behind the recent rash of GOG account hijacks is, but for basic security you should be using a password manager and random, unique, long passwords for each of your site logins.
Post edited July 21, 2015 by the.kuribo
Luisfius: snip
Do you have The Witcher 3? And if so, where was it purchased/acquired from? The Malta thing and Israeli IP suggest that they may have used a VPN for this.
gooberking: And is there a good reason someone wants to account jack a GOG account? Is it just for Galaxy support, because it's not like all the games aren't just hanging out on pirate sites to be had if someone is into that sort of thing.
Witcher Ebay 123 implies that the account was sold or will be sold. Which again makes no sense since all of their installers and DLC are free on pirated sources if someone wanted to get it without any trouble with GOG. Still not sure how this "account selling" thing got popular.
Luisfius: snip
MaximumBunny: Do you have The Witcher 3? And if so, where was it purchased/acquired from? The Malta thing and Israeli IP suggest that they may have used a VPN for this.
gooberking: And is there a good reason someone wants to account jack a GOG account? Is it just for Galaxy support, because it's not like all the games aren't just hanging out on pirate sites to be had if someone is into that sort of thing.
MaximumBunny: Witcher Ebay 123 implies that the account was sold or will be sold. Which again makes no sense since all of their installers and DLC are free on pirated sources if someone wanted to get it without any trouble with GOG. Still not sure how this "account selling" thing got popular.
Luisfius here, I do have Witcher 3. And it was acquired directly from GOG.
I have never bought a GOG key out of GOG, as far as I can tell.
Luisfius: [..]
Did you buy Witcher 3 or some expensive title? Here or elsewhere?

Did you do something special recently?
Like installed some program, opened some attachment, visited some site...

I'm scared O_o'