It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
My account was hijacked this morning and the account email was changed. This is with a unique password only used for my GoG account. I received an email to the original email account confirming the email address had been changed AFTER it had been changed. GoG why are you not confirming an email change via EMAIL before allowing an email change/update to go through? I have two-step verification on my email address, if I had gotten an email asking for permission to change my email address in my inbox then no one hijacks my account. Change the process for updating email addresses and please review my support ticket, as of right now I don't have ownership over my account.

Frustrated -
avatar
RoKUSoKUBoTs: My account was hijacked this morning and the account email was changed. This is with a unique password only used for my GoG account. I received an email to the original email account confirming the email address had been changed AFTER it had been changed. GoG why are you not confirming an email change via EMAIL before allowing an email change/update to go through? I have two-step verification on my email address, if I had gotten an email asking for permission to change my email address in my inbox then no one hijacks my account. Change the process for updating email addresses and please review my support ticket, as of right now I don't have ownership over my account.

Frustrated -
You and many other people are having the same problem, including myself. We're all still waiting for some information :/. Hopefully you will have better luck.
avatar
RoKUSoKUBoTs: My account was hijacked this morning and the account email was changed. This is with a unique password only used for my GoG account. I received an email to the original email account confirming the email address had been changed AFTER it had been changed. GoG why are you not confirming an email change via EMAIL before allowing an email change/update to go through? I have two-step verification on my email address, if I had gotten an email asking for permission to change my email address in my inbox then no one hijacks my account. Change the process for updating email addresses and please review my support ticket, as of right now I don't have ownership over my account.

Frustrated -
avatar
oipluckie1: You and many other people are having the same problem, including myself. We're all still waiting for some information :/. Hopefully you will have better luck.
Sorry to hear it friend -
Email verification is an excellent idea!
avatar
RoKUSoKUBoTs: My account was hijacked this morning and the account email was changed. This is with a unique password only used for my GoG account. I received an email to the original email account confirming the email address had been changed AFTER it had been changed. GoG why are you not confirming an email change via EMAIL before allowing an email change/update to go through? I have two-step verification on my email address, if I had gotten an email asking for permission to change my email address in my inbox then no one hijacks my account. Change the process for updating email addresses and please review my support ticket, as of right now I don't have ownership over my account.

Frustrated -
Do write in 2 support abt this issue, u r not the only 1 experiencing this prob. All the best 2 recovering ur account. :)
avatar
Cheater87: Email verification is an excellent idea!
I don't have an email.
I really don't understand why gog doesn't implements some sort of two factor authentication.
avatar
Cheater87: Email verification is an excellent idea!
avatar
tinyE: I don't have an email.
GOG should add 2-step carrier pidgeon verification.
avatar
tinyE: I don't have an email.
avatar
Wishbone: GOG should add 2-step carrier pidgeon verification.
Make it ravens and you're on.
Wonder if clicking a link in the original email notified to say "no this was not requested" to instantly change it back and then require a password change would help? It's time to break out the blood sample verification I tell ya. Ok maybe too extreme.
I'm very sorry to hear that, mate. Maybe I should strengthen up my password a bit! Can you describe to us how strong it was? (About how many characters long was it? Did you mix upper and lower characters? Digits or symbols?)

About email verification... well, it sounds perfectly obvious now. But, what if it was your email account that was hijacked? How would you then point your GOG account to the new one? You might never be able to fix that (unless you contacted tech support -- hmm, that might work...).

May I propose, lets say... delaying the change of email address for 24 or 48 hours? This does not sound like a big problem for a GOG user, and could help reduce this kind of account hijacking.

In this way, changing the email address would trigger an automatic email to your previous and new address, letting you know of the countdown and the change being made. This notice may trip the "cracked account" alarm sooner, as I expect people to pay more attention to their inbox than their GOG account (unless you are tinyE, but he seems to be an unique individual).

During this change period you would still be able to reset the GOG password, as the transition had not happened yet.
avatar
tinyE: I don't have an email.
avatar
Wishbone: GOG should add 2-step carrier pidgeon verification.
This would be ideal.
Maybe some sort of "what's the name of the third game on the eleventh page of..." like in old manuals. Just sayin'
avatar
TheTrveFenris: Maybe some sort of "what's the name of the third game on the eleventh page of..." like in old manuals. Just sayin'
If your account is hijacked how would you be able to know?
Authy is a great 2 step verification program.
Post edited October 01, 2015 by Cheater87
avatar
Gede: I'm very sorry to hear that, mate. Maybe I should strengthen up my password a bit! Can you describe to us how strong it was? (About how many characters long was it? Did you mix upper and lower characters? Digits or symbols?)
I'd like to know this as well. If anyone else who's had the same experience as the OP would chime in, all the better.