It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Yesterday morning I have received one of those emails you never want to receive:

no-reply@gog.com

"Hi XXX, your e-mail address was changed

This is a confirmation, that the email address associated with your GOG.com account XXX (rostilovka88@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: rostilovka88@gmail.com
Previous email address: xxxx@xxx.xxx
IP Address: 95.81.223.143
OS: Windows 8.1
Browser: Yandex Browser 15.4.2272
Estimated location: Novocheboksarsk, Russia"

Watch out guys there is a security breach somewhere.
Looking for my account back and for a two steps authentification method.
Post edited June 19, 2015 by Ciris
No posts in this topic were marked as the solution yet. If you can help, add your reply
high rated
avatar
cavaler-2: Yesterday morning I have received one of those emails you never want to receive:

no-reply@gog.com

"Hi XXX, your e-mail address was changed

This is a confirmation, that the email address associated with your GOG.com account XXX (rostilovka88@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: rostilovka88@gmail.com
Previous email address: xxxx@xxx.xxx
IP Address: 95.81.223.143
OS: Windows 8.1
Browser: Yandex Browser 15.4.2272
Estimated location: Novocheboksarsk, Russia"

Watch out guys there is a security breach somewhere.
Looking for my account back and for a two steps authentification method.
Hi!

First off, I'd like to apologise to all who have experienced account hacking on our site over the past couple of days. We're hard at work to make this less of an issue and less likely to happen - but I understand how frustrating it must be to lose access to your games.

Having said that, there's a new measure that will help us pick up on hacked accounts more easily.

If your account e-mail changes, you will get an automated message.

It that looks like this and has the new e-mail address, the old one, the IP currently in use (together with estimated location), and the OS and browser of the current user.

If you get such a message and it wasn't you who changed the email address, contact us.

Use the link at the end of the message ("contact our support team") to let us know it happened. You'll be redirected to our contact form - here's an example of how to fill that in.

We do our best to get back to hacked account emails as soon as possible, and to change the e-mail addresses as quickly as we can and restore the fully functional accounts to their rightful users.

IMPORTANT:

1) When contacting us regarding a hacked account, you must replace the e-mail address with one you have access to - otherwise, our reply will end up at the hacker's e-mail address, which you have no control over or access to.

2) Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID.

3) As soon as you get access to your account back, please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.

[edit]: bumped this to be the 2nd reply in the topic so it's easier to find for others with a similar problem, re-bumped the original post to the top to remain above the reply.
Post edited June 19, 2015 by Ciris
avatar
Skein: This is amazing (sarcasm, of course), Gog team gave me back my account, I changed the pass for one that I never used anywhere, changed my email pass too aaaaand... my account was hacked again.

You guys really need to improve the security on GOG, my Steam, Origin or any other services accounts were never hacked.
avatar
Goodaltgamer: are you sure you haven't got a keylogger or similar on your PC?

How did you change it? via browser, via Galaxy, via WiFi?

No I am not trying to blame you ;)

But it sounds rather strange, hence I am asking ;)
I changed it via browser (Chrome), wired conection.

I checked the entire PC with two different antivirus (windows defender and ESET nod32) just in case, nothing found.

Keyloggers are detected by antivirus software, right? If that's not the case, What can I do to be sure that my PC is clean?

Anyway, I think my PC is not the problem, I have other accounts (Steam with 200+ games, Paypal, etc) more succulent to hackers and nothing happens.
avatar
Skein: I changed it via browser (Chrome), wired conection.
Should be fine, less vulnerable to eavesdropping (except for your ISP).
avatar
Skein: I checked the entire PC with two different antivirus (windows defender and ESET nod32) just in case, nothing found.
This is a good sign, but you can never rely on antivirus to detect everything (not saying that they are completely useless - they can provide adequate protection in most circumstances). Also, if you didn't scan with a LiveCD/rescue cd, you probably won't catch any rootkits.
avatar
Skein: Keyloggers are detected by antivirus software, right? If that's not the case, What can I do to be sure that my PC is clean?
As I said, only sometimes. You cannot be sure. Here is a list of what you can do to get rid of viruses in increasing order of difficulty (and effectiveness):
1. Scan your PC.
2. Scan your PC from a rescue cd (an image can be downloaded for free from most antivirus vendors (but only download on a known good and clean computer)).
3. Reinstall the operating system (also note that you might get re-infected if you plug in any infected media, but this is unlikely).
4. Install another lesser-used OS such as Linux (you probably don't want to do this, but most viruses are targeted at Windows (and sometimes OSX) only. Therefore they probably won't work with another operating system).
5. If you want to be really really really sure that your PC is clean, buy new hardware and don't connect any of the old hardware to the new one. Of course, practically no-one would do that and following any of the previous steps would almost surely rid you of it.

I would recommend that you follow at least the first two steps, but the third one is also a good measure. Of course I don't expect anyone to follow the last two ones unless you are just as paranoid as I am (I haven't followed the last one, though).
avatar
Skein: Anyway, I think my PC is not the problem, I have other accounts (Steam with 200+ games, Paypal, etc) more succulent to hackers and nothing happens.
You are probably right, but if someone tries to log on in a country you haven't visited, the websites often requires two-factor authentication.

Edit: I see that you use Chrome. Before you try anything outlined here, check for rogue plugins and/or extensions (to save time).
Post edited August 16, 2015 by Lillesort131
avatar
Skein: I changed it via browser (Chrome), wired conection.

I checked the entire PC with two different antivirus (windows defender and ESET nod32) just in case, nothing found.

Keyloggers are detected by antivirus software, right? If that's not the case, What can I do to be sure that my PC is clean?

Anyway, I think my PC is not the problem, I have other accounts (Steam with 200+ games, Paypal, etc) more succulent to hackers and nothing happens.
Some more tests you could do besides what has been mentioned by Lillesort:

Use in this case kind of all available free ones (Windows defender is a rather simple one) ESET not to bad.

No, keyloggers are not necessarily being detected (rootkits)

But to be sure(r) you could start your PC from a liveCD (linux) and run online checks off your computer, this makes it harder for rootkits to hide.

Accounts to hack, it rather depends on what this group is looking for ;)

Also: A lot of people are downloading shitload of Apps and they could have a leak as well.....I always try to keep my system small and clean, helps as well.....
avatar
Skein: I changed it via browser (Chrome), wired conection.

I checked the entire PC with two different antivirus (windows defender and ESET nod32) just in case, nothing found.

Keyloggers are detected by antivirus software, right? If that's not the case, What can I do to be sure that my PC is clean?

Anyway, I think my PC is not the problem, I have other accounts (Steam with 200+ games, Paypal, etc) more succulent to hackers and nothing happens.
avatar
Goodaltgamer: Some more tests you could do besides what has been mentioned by Lillesort:

Use in this case kind of all available free ones (Windows defender is a rather simple one) ESET not to bad.

No, keyloggers are not necessarily being detected (rootkits)

But to be sure(r) you could start your PC from a liveCD (linux) and run online checks off your computer, this makes it harder for rootkits to hide.

Accounts to hack, it rather depends on what this group is looking for ;)

Also: A lot of people are downloading shitload of Apps and they could have a leak as well.....I always try to keep my system small and clean, helps as well.....
I would try HerdProtect, Malwarebytes Antimalware, AdwCleaner,Trend Micro HouseCall and a few other.
While GOG does have security issue, it all boils down to your own PC at last. If you are getting keylogged/phised/backdoored by someone outside there, there's no way GOG can repeatedly help.

Check your PC first. I've never had my GOG account hacked, and I'm sure bunch of people have safe accounts as well. Probably poor security practices? Same password?
avatar
zeroxxx: While GOG does have security issue, it all boils down to your own PC at last. If you are getting keylogged/phised/backdoored by someone outside there, there's no way GOG can repeatedly help.

Check your PC first. I've never had my GOG account hacked, and I'm sure bunch of people have safe accounts as well. Probably poor security practices? Same password?
Regardless of the cause, a 2-step verification removes the majority of these cases being issues.
avatar
Tarnicus: Regardless of the cause, a 2-step verification removes the majority of these cases being issues.
Yes, it's time to massively upvote website features such as:
http://www.gog.com/wishlist/site/2_step_verification_and_other_account_guard_security
http://www.gog.com/wishlist/site/second_layer_of_protection_to_gogcom_accounts
http://www.gog.com/wishlist/site/twostep_verification
Thanks for the links, voted. I am surprised to see how low the vote count was for those :(
Yeah so mine was almost stolen just like half an hour ago by a Russian. I was fortunate enough that GOG.com still somehow recognized my old email and let me reset the password and change my email back (just filled in my email and GOG.com let me through for the password reset).

I actually am very secure about everything and have unique email-password combination just for GOG. I even use a different paypal email from everything else and have 2-step and backups on like everything possible. I just finished scanning my PC for malware and viruses and results were negative.

Still no clue how someone got hold of my account info when my password contains no real words, multiple cases, multiple numbers and symbols...
Those Ruskies, I just hate Russians! ;)

avatar
leoneomeo:
Have you ever installed GOG Galaxy?
Post edited September 03, 2015 by Cadaver747
avatar
Cadaver747: Those Ruskies, I just hate Russians! ;)

avatar
leoneomeo:
avatar
Cadaver747: Have you ever installed GOG Galaxy?
Yes in fact, since the beta and that Witcher board game thingy which I tried briefly. Updated when Witcher 3 released and since then for about every patch for the game. Should I remove it? I actually launch it only to check for new versions of the game, almost never during gameplay (saving on computer resources),


EDIT: Oh wow, he tries again with the password reset thing...
Post edited September 03, 2015 by leoneomeo
avatar
leoneomeo: Yes in fact, since the beta and that Witcher board game thingy which I tried briefly. Updated when Witcher 3 released and since then for about every patch for the game. Should I remove it? I actually launch it only to check for new versions of the game, almost never during gameplay (saving on computer resources),
You shouldn't unless you want to. You see I ask every person with the same issue about, and the only one thing they have in common is that they've installed GOG Galaxy. Despite that at least 2 users claimed that it's impossible to hack it (somehow I don't understand why), I noticed one peculiar thing. So I installed Galaxy, played a few games and then closed a window, as always the program told me that it goes minimized, I then right clicked on the tiny icon in my Win7 tray and select exit, then shut down my PC. Two days later I turn on my computer open GOG Galaxy and guess what, it was logged on my account. So perhaps a hacker with some tool can get your associated IP, then break into your GOG Galaxy account credentials and emulate *your* session somehow. It's only my thinking, I'm not a tech specialist.
Post edited September 03, 2015 by Cadaver747
avatar
leoneomeo: Yes in fact, since the beta and that Witcher board game thingy which I tried briefly. Updated when Witcher 3 released and since then for about every patch for the game. Should I remove it? I actually launch it only to check for new versions of the game, almost never during gameplay (saving on computer resources),
avatar
Cadaver747: You shouldn't unless you want to. You see I ask every person with the same issue about, and the only one thing they have in common is that they've installed GOG Galaxy. Despite that at least 2 users claimed that it's impossible to hack it (somehow I don't understand why), I noticed one peculiar thing. So I installed Galaxy, played a few games and then closed a window, as always the program told me that it goes minimized, I then right clicked on the tiny icon in my Win7 tray and select exit, then shut down my PC. Two days later I turn on my computer open GOG Galaxy and guess what, it was logged on my account. So perhaps a hacker with some tool can get your associated IP, then break into your GOG Galaxy account credentials and emulate *your* session somehow. It's only my thinking, I'm not a tech specialist.
Hm, interesting theory. But it all comes down to one fact: Galaxy is totally insecure!
avatar
Cadaver747: Those Ruskies, I just hate Russians! ;)

avatar
leoneomeo:
avatar
Cadaver747: Have you ever installed GOG Galaxy?
those galaxy hacking , witcher playing ruskies!!!!
avatar
Maxvorstadt: Hm, interesting theory. But it all comes down to one fact: Galaxy is totally insecure!
Chromium-galaxy? blame Google NSA.
Post edited September 03, 2015 by dick1982
avatar
Ciris: ...2) Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID. ...
Aside from the hacking this seems to be an issue that comes up quite often. Often people want to add information or ask about status for a defined support event without creating another one or even being pushed back of the queue.

However nothing on the site directly tells you that replying to the automated support reply is the response of choice. Also this does not seem to be the most straightforward or convenient way to handle it.

I made a wishlist entry titled: Being able to see support tickets and add additional information
I think this might smooth the support experience.

Everyone who also likes it please vote for it
http://www.gog.com/wishlist/site/being_able_to_see_support_tickets_and_add_additional_information

I also made a fun wishlist entry: Display current length of support queue and new tickets per day
http://www.gog.com/wishlist/site/display_current_length_of_support_queue_and_new_tickets_per_day

It's just a fun idea but I guess if one really wants to be open and transparent about the service quality one could do it.

Alternative average waiting time per support ticket or quantiles or waiting time (50% first response within XX hours, 90% first response within YY hours, 95% solved within ZZ days) would also be cool.
avatar
Octavian321: ... They don't even send you an email asking if you want such a change. ...
I really wonder that too now.

Anyway I made a wishlist entry for it: Send email asking for permission before changing email address
http://www.gog.com/wishlist/site/send_email_asking_for_permission_before_changing_email_address

avatar
Ciris: 3) As soon as you get access to your account back, please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.
avatar
cogadh: This is wrong. You are essentially playing chicken with the hijacker by not setting the password to a new unique one when you restore an account, thus blocking the hijacker out from the beginning. This is internet security 101. You guys need to be better than this.
I agree. A temporary password should be created and be sent to the old/new email and upon the first login setting a new password should be required.
Post edited September 04, 2015 by Trilarion