It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionAccount stolen!(48 posts)(48 posts)
(48 posts)
Pages:
1
2
3
4
This is my favourite topic
Posted March 27, 2016
avatar
MaximumBunny: GOG takes off holidays and has something like half the staff on weekends. They'll respond by Monday.
avatar
Wishbone: Tuesday. Monday is still a holiday, I think. It is here, anyway.
Actually regarding the sale freebies snafu, support had told me they would not be acting on them until Tuesday as well.
Posted March 27, 2016
I'm back! :D

Big thumbs up to Judas and Cwaniak from support who responded really fast and worked on an Easter sunday evening to help me out.

And I totally recommend using 2-step verification. I guess it was pretty naive of me to think that I won't need it. But I'm happy I didn't save my payment info, cause the fucker wanted to buy The Last Federation - the game was still in the checkout.
Posted March 27, 2016
avatar
Fesin: I'm back! :D

Big thumbs up to Judas and Cwaniak from support who responded really fast and worked on an Easter sunday evening to help me out.

And I totally recommend using 2-step verification. I guess it was pretty naive of me to think that I won't need it. But I'm happy I didn't save my payment info, cause the fucker wanted to buy The Last Federation - the game was still in the checkout.
Do bear in mind that if you, like some of us, have any privacy setup on your browser, i.e. cookie/history removal, then 2-step verification will be a real pain for you. They should have implemented it on account details change, but no, just whack it on everything.
Posted March 27, 2016
avatar
Fesin: I'm back! :D

Big thumbs up to Judas and Cwaniak from support who responded really fast and worked on an Easter sunday evening to help me out.

And I totally recommend using 2-step verification. I guess it was pretty naive of me to think that I won't need it. But I'm happy I didn't save my payment info, cause the fucker wanted to buy The Last Federation - the game was still in the checkout.
avatar
nightcraw1er.488: Do bear in mind that if you, like some of us, have any privacy setup on your browser, i.e. cookie/history removal, then 2-step verification will be a real pain for you. They should have implemented it on account details change, but no, just whack it on everything.
Good point, actually. I guess I have to see how I'm gonna do it. Still not on my main PC.
Posted March 28, 2016
avatar
Fesin: I'm back! :D

Big thumbs up to Judas and Cwaniak from support who responded really fast and worked on an Easter sunday evening to help me out.

And I totally recommend using 2-step verification. I guess it was pretty naive of me to think that I won't need it. But I'm happy I didn't save my payment info, cause the fucker wanted to buy The Last Federation - the game was still in the checkout.
Hah, take that, nay-sayers! Looks like GOG support did a fine job once again.

Good to hear you have your account back. And if you lost any gift codes or anything like that, support can probably sort that out for you, as well. Any idea yet, why this happened?
Posted March 28, 2016
avatar
CharlesGrey: Hah, take that, nay-sayers! Looks like GOG support did a fine job once again.

Good to hear you have your account back. And if you lost any gift codes or anything like that, support can probably sort that out for you, as well. Any idea yet, why this happened?
Doesn't look like they went for the gift codes. Maybe they were too cheap for them. :p
No, honestly no idea, still trying to figure it out.
Another strange thing that happened, is that all the e-mails from the account that I've been using for GOG.com disappeared, even though it seems like the e-mail account itself was secure (I was able to log in and change the password). No idea what's going on there, but it's kinda strange.
Posted March 28, 2016
avatar
CharlesGrey: Hah, take that, nay-sayers! Looks like GOG support did a fine job once again.

Good to hear you have your account back. And if you lost any gift codes or anything like that, support can probably sort that out for you, as well. Any idea yet, why this happened?
avatar
Fesin: Doesn't look like they went for the gift codes. Maybe they were too cheap for them. :p
No, honestly no idea, still trying to figure it out.
Another strange thing that happened, is that all the e-mails from the account that I've been using for GOG.com disappeared, even though it seems like the e-mail account itself was secure (I was able to log in and change the password). No idea what's going on there, but it's kinda strange.
Might be related to your mail account then. Either that, or you do have some sort of trojan on your PC, and various accounts/passwords of yours have been compromised. Very frustrating, either way. :/

Do keep us updated in case you figure out the source of the problem, since it might help others.

Edit: Might want to change any important passwords, just in case, and don't use the potentially compromised computer for now.
Post edited March 28, 2016 by CharlesGrey
Posted March 28, 2016
avatar
wpegg: Really? Why the hell did they do that? It's always been one of their key security points is that they keep minimum info on you.

Roll on the steamification of GOG.
At least, they made it optional. If some suckers want their credit card info to be less secure and will bring their business elsewhere if they don't get it, then let them shoot themselves in the foot.

People are so lazy with their security its incredible. I've met a handful who people whose reaction when using Ubuntu (after their Windows machine got infected with some nasty virus) was "why do I need to input my password each time I install something"?

As far as I'm concerned, people like that deserve to have a virus-infested computer.
Post edited March 28, 2016 by Magnitus
Posted March 28, 2016
avatar
Magnitus: At least, they made it optional. If some suckers want their credit card info to be less secure and will bring their business elsewhere if they don't get it, then let them shoot themselves in the foot.
The introduction of this feature lead to rather lengthy discussions, but as I understand it, this new method may actually be more secure than entering your CC details each time. And GOG doesn't actually store any sensitive data, your bank/CC provider does, so you're only in trouble if their servers get compromised ( which would be a problem either way ).
Posted March 28, 2016
avatar
wpegg: Really? Why the hell did they do that? It's always been one of their key security points is that they keep minimum info on you.

Roll on the steamification of GOG.
avatar
Magnitus: At least, they made it optional. If some suckers want their credit card info to be less secure and will bring their business elsewhere if they don't get it, then let them shoot themselves in the foot.

People are so lazy with their security its incredible. I've met a handful who people whose reaction when using Ubuntu (after their Windows machine got infected with some nasty virus) was "why do I need to input my password each time I install something"?

As far as I'm concerned, people like that deserve to have a virus-infested computer.
We don't store anyone's CC details. Instead, what gets made is a token that can only be used on GOG.com and nowhere else.
Posted March 28, 2016
avatar
Fesin: cause the fucker wanted to buy The Last Federation - the game was still in the checkout.
I don't understand this at all. Fine if you to mess with people but if all you want the game, piracy should be easier and safer.

I agree with others about 2-Factor Authentication, they really should add the option only for account changes like password and e-mail.
Posted March 28, 2016
avatar
Magnitus: At least, they made it optional. If some suckers want their credit card info to be less secure and will bring their business elsewhere if they don't get it, then let them shoot themselves in the foot.

People are so lazy with their security its incredible. I've met a handful who people whose reaction when using Ubuntu (after their Windows machine got infected with some nasty virus) was "why do I need to input my password each time I install something"?

As far as I'm concerned, people like that deserve to have a virus-infested computer.
avatar
JudasIscariot: We don't store anyone's CC details. Instead, what gets made is a token that can only be used on GOG.com and nowhere else.
So if I have a token, some hackers can hack my account, buy lots of gifts with the token and sell the keys to the grey market?
Posted March 28, 2016
avatar
CharlesGrey: you're only in trouble if their servers get compromised ( which would be a problem either way ).
Not 100% accurate.

If an attacker gains complete control of GOG's servers, but I input my info manually, I'm only at risk in the interval of time between the gain of control and GOG noticing it and shutting down their servers.

If my info is in the database, then an attacker just needs to compromise the database (something that is sometimes easier to do then completely compromising a server) at any point in time to gain control of my info.

avatar
JudasIscariot: We don't store anyone's CC details. Instead, what gets made is a token that can only be used on GOG.com and nowhere else.
Significantly better than just CC details, but I still prefer to input it manually.
Post edited March 28, 2016 by Magnitus
Posted March 28, 2016
avatar
Gnostic: So if I have a token, some hackers can hack my account, buy lots of gifts with the token and sell the keys to the grey market?
As I mentioned in another thread, the first time I used the token during the insomnia sale, it did ask me for my CVV number to verify. Not sure if I wasn't ask the other times because I was with the same IP or because it was within 24 hours of last using it. So depending on method used, a hacker may be unable to use the token to buy anything.
Posted March 28, 2016
avatar
Gnostic: So if I have a token, some hackers can hack my account, buy lots of gifts with the token and sell the keys to the grey market?
avatar
JMich: As I mentioned in another thread, the first time I used the token during the insomnia sale, it did ask me for my CVV number to verify. Not sure if I wasn't ask the other times because I was with the same IP or because it was within 24 hours of last using it. So depending on method used, a hacker may be unable to use the token to buy anything.
If I read the GoG token thread correctly, it is suppose to reduce the hassle of the user keying in Card number again, so a month later the user can buy things without keying the number again. Hence the token is permanently tied to your account. Else it won't be much hassle saving.

If I can log in as you, I can buy gifts as you.

Since it is optional, it is no problem for me, but it is a good habits in clearing the token to prevent abuse once the buying spree is over.
Post edited March 28, 2016 by Gnostic
Pages:
1
2
3
4
This is my favourite topic
Community
General discussionAccount stolen!(48 posts)(48 posts)
(48 posts)