yogsloth: We should compile links to all the relevant threads in the OP.
Here you go:

http://www.gog.com/forum/general/account_hacked/page1
http://www.gog.com/forum/general/hacked_account/page1
http://www.gog.com/forum/general/account_hacked_no_gog_support/page1
https://www.gog.com/forum/general/account_hacked_no_gog_support/post27
http://www.gog.com/forum/general/account_compromised/page1
http://www.gog.com/forum/general/account_hacked_i_suppose/page1
http://www.gog.com/forum/general/my_account_was_hijacked/page1
http://www.gog.com/forum/general/i_think_my_account_got_hacked/page1
http://www.gog.com/forum/general/account_hijacked/page1

Those are the links I have saved to my favorites, don't know if there are others.
Cyraxpt: Unless this hits the videogame media (or a big forum like neogaf) I don't think that we will hear an answer...
catpower1980: The thing is that to contact media, you need a "story" so a few posts here and there won't make if you write them a direct e-mail that would need further research. I'm thinking of something but I'll wait tomorrow morning to see if one of the blue finally responds in a useful and informative manner otherwise, I'll go ahead.....
Well, media like to pick up stories from neogaf so if this ends up there (and I'm not saying to anyone make the thread since the moderation there is... weird) it can lead to something.
GOG, please give us more info............
catpower1980: EDIT 2: For those who don't know how : press "alt" + "print screen" on your browser window and then make a copy/paste in Paint (don't forget to save as .png preferably)
Or if you have Vista or later the snipping tool is a pretty useful tool for this as well. ;)
I'm seeing a lot of stuff about this lately and I keep not wanting to post b/c I certainly can't prove anything, but my credit card # was stolen a week or two after installing the GOG Galaxy client. It was the only time something like that had happened to me and the client was the only change on my PC that seemed significant enough to allow something through my system (I'm unpingable, firewalls are up, I don't go to iffy sites).

I figured it must have been taken from somewhere else, and it probably was. But I'll post this here just in case others have had similar experiences.
Tallima: I'm seeing a lot of stuff about this lately and I keep not wanting to post b/c I certainly can't prove anything, but my credit card # was stolen a week or two after installing the GOG Galaxy client. It was the only time something like that had happened to me and the client was the only change on my PC that seemed significant enough to allow something through my system (I'm unpingable, firewalls are up, I don't go to iffy sites).

I figured it must have been taken from somewhere else, and it probably was. But I'll post this here just in case others have had similar experiences.
GOG doesn't store CC info, so unless you like had a virus on your PC already... I highly doubt it has anything to do with GOG or Galaxy.
BKGaming: GOG doesn't store CC info, so unless you like had a virus on your PC already... I highly doubt it has anything to do with GOG or Galaxy.
Right. So could Galaxy be opening up a vulnerability that people can use to put a keylogger or something on your PC. That's my best guess if CC info is being stolen as well as login info. Somehow Galaxy is allowing Russians to steal our info -- quite possibly. And that's not ok. I reformatted already, but I think I'll be uninstalling Galaxy until later. Things are just getting too weird with that program.
Just how good/bad is GOG security?
F4LL0UT: I wonder how many of these accounts were registered to a Gmail address. Gmail accounts seem to be quite vulnerable and popular targets for hackers.
I've had gmail accounts since I got an invite to the beta in 2004, never once been compromised. Popular target? Sure. But quite vulnerable to attacks? Not likely. More likely is people using weak/easily guessable passwords, or the same passwords across other websites/logins.

I've also had yahoo accounts since ... uhh... 2000ish, and hotmail accounts since 1998. Before that it was whatever ISP I was using.

The vast majority of compromises are simply due to lax security from the user. Using the same password across multiple websites, for instance. Once one of those websites is compromised, your account for all websites you use the same password on are now as good as compromised.

Get yourself a password manager (I highly recommend KeePass) and go get all your passwords for every website you use changed using randomly generated ones. It's a pain in the ass initially, but the end result is you basically never having to worry about this crap ever again. Keep your security updates on Windows/OS X/Linux, don't install every random program you come across (sandbox it in a VM with no network access if you really must check it out, to determine if it's safe to use on your actual computer) and never give any website or program your login credentials for another website for some convenience/service they're offering. If they don't do OAuth or tokens, they're not worth the risk.
Titanium: I personally stand behind xkcd's "correcthorsebatterystaple" in regards to passwords.
This comic changed my password life forever several years back ;) I swear by it, and a little pad I keep next to my computer. And I never go to sites that I think will cause problems.
bluesky777: Just how good/bad is GOG security?
The weakest link is usually the user, so about that much.
arturotuono: I've tried to collect data informally on this matter, but any idea how many accounts were compromised? Maybe, it's not a complete epidemic. I mean if it were, we'd be seeing a lot more posts like this one.

There's mine (I'm still waiting on a response from the powers that be). I've already messaged Judas and Firek.

I didn't log out of this computer so at least I can still post.
May I ask, would you consider the password you had to be strong?

If you had to rate it out of 10 kind of thing:
with nine being a long random string of characters like "duGgdsFGSe@£s97£ef^dga" (nine because this is an example and there's no perfect password),
with 7 being a strong but short password not based on a word "8FGo5db7",
5 being a word with escaped characters and numbers substituted like "H0rse$h!t",
3 being a straight word "Impenetrability",
1 being a really short word like "bird".

I'm interested to know as I'd like to know if GOG have introduced the ability to bulk attack their servers (which would allow compromising weak passwords), or if they've more fundamentally opened something up.
6-7, but it was a word but not in English.
arturotuono: 6-7, but it was a word but not in English.
Thanks for answering, can I be a little indulgent and further ask - did you share the password with multiple sites? I'm getting a little bit selfish here because mine's a 6 - 7 but it doesn't seem to be compromised, but mine is unique to this site.

I completely understand if you don't want to answer this by the way, I know I'm being intrusive.
wpegg: Thanks for answering, can I be a little indulgent and further ask - did you share the password with multiple sites? I'm getting a little bit selfish here because mine's a 6 - 7 but it doesn't seem to be compromised, but mine is unique to this site.

I completely understand if you don't want to answer this by the way, I know I'm being intrusive.
One other site but I was in the process of changing passwords so this sort of struck me just as I was about to do an overhaul.