EDIT: Thank you, Destro, for clarifying things for us!

Destro's response can be found by following the SOLVED link at the bottom of this post.


Is it a vulnerability on GOG's side of things?
Is my account secure?
Do you know how accounts are getting hijacked?

Here on the forum we are piecing together a picture that looks like this:

Many new accounts are being hijacked.
Their emails are being changed to a .ru address.
Possibly using same passwords on multiple sites.
Possibly these users all came from Steam.

Is that picture accurate?
How many hijacked accounts are we talking about here?

What is being/has been done to make sure our accounts are safe?

Thanks to haydenaurian for the collection of relevant links.

http://www.gog.com/forum/general/account_hacked/page1
http://www.gog.com/forum/general/hacked_account/page1
http://www.gog.com/forum/general/account_hacked_no_gog_support/page1
https://www.gog.com/forum/general/account_hacked_no_gog_support/post27
http://www.gog.com/forum/general/account_compromised/page1
http://www.gog.com/forum/general/account_hacked_i_suppose/page1
http://www.gog.com/forum/general/my_account_was_hijacked/page1
http://www.gog.com/forum/general/i_think_my_account_got_hacked/page1
http://www.gog.com/forum/general/account_hijacked/page1
Post edited June 05, 2015 by misteryo
This question / problem has been solved by Destro
I'm not a new user but my account was hijacked. The e-mail was changed to a .ru address.

I did not use GOG Galaxy and I do not have Witcher 3.

They did try to use the password on other sites.

I do have a Steam account but that appears to be fine.
misteryo: Many new accounts are being hijacked.
Their emails are being changed to a .ru address.
Possibly using same passwords on multiple sites.
Possibly these users all came from Steam.
I wonder how many of these accounts were registered to a Gmail address. Gmail accounts seem to be quite vulnerable and popular targets for hackers.
Post edited June 04, 2015 by F4LL0UT
misteryo: Many new accounts are being hijacked.
Their emails are being changed to a .ru address.
Possibly using same passwords on multiple sites.
Possibly these users all came from Steam.
F4LL0UT: I wonder how many of these accounts were registered to a Gmail address. Gmail accounts seem to be quite vulnerable and popular targets for hackers.
Yahoo is worse - and (it seems) is the go-to for Russian region hackers / phishers
F4LL0UT: I wonder how many of these accounts were registered to a Gmail address. Gmail accounts seem to be quite vulnerable and popular targets for hackers.
Sachys: Yahoo is worse - and (it seems) is the go-to for Russian region hackers / phishers
Then it's good that I have my email accounts at German providers.
Sachys: Yahoo is worse - and (it seems) is the go-to for Russian region hackers / phishers
I knew there would be a reason to keep my rugF@aol address ;-)
"GOG, please give us a PR spin on a possible software vulnerability."

I wish you luck, but I feel like we should all know exactly how this is going to play out.
My Gmail address does not appear to have been compromised. I've checked the access history: only me.
This is worrisome. Something needs to be addressed, at least security-wise, on this site. Requiring two-factor authentication would go a long way to prevent this from happening. At the very least disable email changes through the website until this is sorted out. Any email change can still go through support.
Yes, I would also be glad to hear an official GOG statement about this issue. Seeing so many accounts compromised sure is a bit scary.
I STRONGLY second this. We need some info, it's been too long since this started.
I use an AOL Mail address. (************@aim.com) Does that make any difference?

Whatever the case..... PLEASE give us a statement about this GOG. Pretty please.
Post edited June 04, 2015 by BillyMaysFan59
BillyMaysFan59: I use an AOL Mail address. (************@aim.com) Does that make any difference?
Me too!

/jk
Might as well add my voice to this, since I didn't notice this thread before posting my own. Or, to put it bluntly, what the fuck, GOG?
Disclaimer.
misteryo: Is it a vulnerability on GOG's side of things?
No.
misteryo: Is my account secure?
Idunno, download the databases and check if your account is in there.
misteryo: Do you know how accounts are getting hijacked?
Yes, typical stuff, some SQL insertion, some brute force on the side, then checking against GOG's login. Hackers are currently holding a giveaway of Steam keys stolen from people's Humble Bundles.