It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
darkwolf777:
Excellent post, +1 and thanks for the info.
avatar
Destro: No, we are not aware of any such vulnerability or any data leak. We do monitor our login servers and there is no brute force attack happening either. Keep in mind however, that:
- there were different malware apps pretending to be GOG Galaxy (see here for example: https://blog.malwarebytes.org/fraud-scam/2015/05/look-out-for-pups-claiming-to-be-gog-galaxy-client/).
- we have right now a great (record) influx of new users registering on GOG with the release of The Witcher 3: Wild Hunt. Combined with the fact that many users are reactivating their accounts for the game and promo that they haven't accessed for long time, we have times more active users than ever before = obviously more reports like that.

As long as you use a password that is considered safe (not trivial to guess and not used in any other service with the same email address) and have your computer 100% free and safe from malware and keyloggers or similar apps, then there is no reason to be worried in our opinion.

If we will have any updates on this topic, we will update you.

This topic is 6 hours old and today is bank holidays in Poland.

Also - this isn't any new topic - we're fully aware of it, and if we believed something was wrong, we would inform you...
avatar
BKGaming: While this is good news, it still doesn't mean that GOG shouldn't have better authorization here... perhaps before an email can be changed GOG should send the email a short 4 - 8 digit code that must be entered before the new email can be added?

This should help users at-least be able to get their account back with a password reset. I also suggest a "log out everywhere" button were any instance of a user's GOG account being logged in is immediately kicked from the server to keep the account thief from being able to stay logged into your account.

Just a thought...
The same website which spreads this and other malware is often used on hacked websites using a CMS like WordPress or Joomla. WordPress is the most used CMS. I saw very many hacked websites where links to the same website were injected and lead to malware. The actual filename differs but in most cases it is the same malware.

Has someone the link to the VirusTotal analysis for me? It is good to send the sample password protected to all vendors: http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm#Easily_Submit_Malware_To_All_Vendors

Already got it, thanks for the link

https://www.virustotal.com/de/file/2b1c506897fbc36afe7ef751585128e9d779e95e2cd88094c9140a711fb2bf2a/analysis/

Also sent it to all vendors of security solutions.
Post edited June 07, 2015 by DanielRuf
UPDATE: I've regained control of my account. I'm still worried that the perpetrator has control of the account (if he/she didn't clear his cookies).

I've posted this elsewhere in other threads about hijacked or hacked accounts, but I thought I'd post this here as well.

We should try lobbying for two-step verification.

Here are some campaigns from the Community Wishlit section:
https://www.gog.com/wishlist/site#search=verific
avatar
arturotuono: UPDATE: I've regained control of my account. I'm still worried that the perpetrator has control of the account (if he/she didn't clear his cookies).

I've posted this elsewhere in other threads about hijacked or hacked accounts, but I thought I'd post this here as well.

We should try lobbying for two-step verification.

Here are some campaigns from the Community Wishlit section:
https://www.gog.com/wishlist/site#search=verific
Right, the cookies have a very long lifetime (some are valid until December 2020. This should not be the case.
Normally they should be revoked when the credentials are changed so all old and active sessions are not valid anymore.
avatar
Destro: No, we are not aware of any such vulnerability or any data leak. We do monitor our login servers and there is no brute force attack happening either. Keep in mind however, that:
- there were different malware apps pretending to be GOG Galaxy (see here for example: https://blog.malwarebytes.org/fraud-scam/2015/05/look-out-for-pups-claiming-to-be-gog-galaxy-client/).
- we have right now a great (record) influx of new users registering on GOG with the release of The Witcher 3: Wild Hunt. Combined with the fact that many users are reactivating their accounts for the game and promo that they haven't accessed for long time, we have times more active users than ever before = obviously more reports like that.

As long as you use a password that is considered safe (not trivial to guess and not used in any other service with the same email address) and have your computer 100% free and safe from malware and keyloggers or similar apps, then there is no reason to be worried in our opinion.

If we will have any updates on this topic, we will update you.

avatar
Cyraxpt: Unless this hits the videogame media (or a big forum like neogaf) i don't think that we will hear an answer...
avatar
Destro: This topic is 6 hours old and today is bank holidays in Poland.

Also - this isn't any new topic - we're fully aware of it, and if we believed something was wrong, we would inform you...
Sure, your cookies have a very long lifespan. I see many thing which can and should be improved.

http://www.gog.com/forum/general/gog_please_give_us_a_statement_regarding_hijacked_accounts/post124

This is somehow a bit weird: http://www.plati.ru/itm/The+Witcher+3%3A+Wild+Hunt+%5Bgog.com+account+%2B+Specials%5D/1937640

Isn't this just 3 Euros? So they buy there username + passwords? Mabye stolen credentials?
Post edited June 07, 2015 by DanielRuf
On the concurrents side, I just recovered my Guild Wars 2 account after not playing it for 2 years. It took 1 week to get it back through support and I was somehow pleased to see that a "connection confirmation" e-mail to "approve" my location was sent to me.

This system would suck for people travelling a lot but as the games are DRM-free, there is no need to connect to the net everytimeyou want to play.

Now, let's get back into this MMO thing... :o)