Yesterday morning I received one of those emails you never want to receive:

no-reply@gog.com

"Hi XXX, your e-mail address was changed

This is a confirmation, that the email address associated with your GOG.com account XXX (rostilovka88@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: rostilovka88@gmail.com
Previous email address: xxxx@xxx.xxx
IP Address: 95.81.223.143
OS: Windows 8.1
Browser: Yandex Browser 15.4.2272
Estimated location: Novocheboksarsk, Russia"

Watch out guys, there is a security breach somewhere.
Looking for my account back and for a two-step authentication method.
Post edited June 19, 2015 by Ciris
cavaler-2: Yesterday morning I received one of those emails you never want to receive:

no-reply@gog.com

"Hi XXX, your e-mail address was changed

This is a confirmation, that the email address associated with your GOG.com account XXX (rostilovka88@gmail.com) was successfully changed. Below you will find the details of this operation:
New email address: rostilovka88@gmail.com
Previous email address: xxxx@xxx.xxx
IP Address: 95.81.223.143
OS: Windows 8.1
Browser: Yandex Browser 15.4.2272
Estimated location: Novocheboksarsk, Russia"

Watch out guys, there is a security breach somewhere.
Looking for my account back and for a two-step authentication method.
Hi!

First off, I'd like to apologise to all who have experienced account hacking on our site over the past couple of days. We're hard at work to make this less of an issue and less likely to happen - but I understand how frustrating it must be to lose access to your games.

Having said that, there's a new measure that will help us pick up on hacked accounts more easily.

If your account e-mail changes, you will get an automated message.

It looks like this and has the new e-mail address, the old one, the IP currently in use (together with estimated location), and the OS and browser of the current user.

If you get such a message and it wasn't you who changed the email address, contact us.

Use the link at the end of the message ("contact our support team") to let us know it happened. You'll be redirected to our contact form - here's an example of how to fill that in.

We do our best to get back to hacked account emails as soon as possible, and to change the e-mail addresses as quickly as we can and restore the fully functional accounts to their rightful users.

IMPORTANT:

1) When contacting us regarding a hacked account, you must replace the e-mail address with one you have access to - otherwise, our reply will end up at the hacker's e-mail address, which you have no control over or access to.

2) Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID.

3) As soon as you get access to your account back, please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.

[edit]: bumped this to be the 2nd reply in the topic so it's easier to find for others with a similar problem, re-bumped the original post to the top to remain above the reply.
Post edited June 19, 2015 by Ciris
My Russian was stolen by an accountant. oO
Klumpen0815: My Russian was stolen by an accountant. oO
Your Russian Rabbit?
Klumpen0815: My Russian was stolen by an accountant. oO
phaolo: Your Russian Rabbit?
I doubt, it is a very dangerous rabbit.
phaolo: Your Russian Rabbit?
almabrds: I doubt, it is a very dangerous rabbit.
Why, are Russians harmless?
almabrds: I doubt, it is a very dangerous rabbit.
phaolo: Why, are Russians harmless?
Who is talking about Russians? I'm talking about the beast! Did you see the video?
Cadaver747: Those Ruskies, I just hate Russians! ;)

leoneomeo:
Cadaver747: Have you ever installed GOG Galaxy?
Sorry, I busted out laughing at that line then seeing under your rep it said "From Russian Federation"

On a side note, I do know that somehow GOG games are being distributed on "pirate" sites. I tried to talk a friend into getting a specific game, his brother instead found a GOG copy of it on one of those sites. It was outdated however. Do you think these people are downloading people's libraries as well? I didn't ask for the age of the file seed, I just know the game version was outdated compared to mine and advised they scan it well before attempting to install.

Maybe a "friend" check should be in place? Do the people being hacked have a common "Friend" aside from using galaxy? To play multiplayer over IP, it has to be shared somehow. Maybe there's a leak in the software that is revealing user's IP? I don't use Galaxy so I have no idea how to check. For all I know it uses preset servers.

Also, maybe GOG could give us the option to require a code sent to a cell phone or home phone which is needed also before any account info could be changed? Log our locations each time we log in. I know I'm not always at home, but I'm never outside of my country or hundreds of miles away.

Lastly, I reduce as many applications as possible from booting at start to increase boot time speed. Get rid of Galaxy from booting up at start, and never save passwords on your computer to log in automatically for convenience. Whether it's stolen or hijacked, you leave your life open to whomever is prying into it. And NEVER... NEVER use free public wifi.
phaolo: Why, are Russians harmless?
almabrds: Who is talking about Russians? I'm talking about the beast! Did you see the video?
No, but I already know the reference.
It was a joke :P
FoxbodyMustang: Sorry, I busted out laughing at that line then seeing under your rep it said "From Russian Federation"
That was the main idea, yeah ;)

FoxbodyMustang: On a side note, I do know that somehow GOG games are being distributed on "pirate" sites. I tried to talk a friend into getting a specific game, his brother instead found a GOG copy of it on one of those sites. It was outdated however. Do you think these people are downloading people's libraries as well? I didn't ask for the age of the file seed, I just know the game version was outdated compared to mine and advised they scan it well before attempting to install.
Not sure about people's libraries, though I know for a fact that whole leak situation started soon after GOG Galaxy introduction. Odd coincidence, don't you think? As for the torrent sites almost every pirated GOG game there has a free virus implemented into installer *exe file, just happened to notice it when my Norton 360 deleted a bunch of executables khm-khm-khm... ;)
GOG officials claimed in the past about many fake (compromised?) Galaxy software being offered on some shady sites. Who in his right mind would download GOG Galaxy or for example Steam from other than original sources? I have my doubts.

FoxbodyMustang: Maybe a "friend" check should be in place? Do the people being hacked have a common "Friend" aside from using galaxy? To play multiplayer over IP, it has to be shared somehow. Maybe there's a leak in the software that is revealing user's IP? I don't use Galaxy so I have no idea how to check. For all I know it uses preset servers.

Also, maybe GOG could give us the option to require a code sent to a cell phone or home phone which is needed also before any account info could be changed? Log our locations each time we log in. I know I'm not always at home, but I'm never outside of my country or hundreds of miles away.

Lastly, I reduce as many applications as possible from booting at start to increase boot time speed. Get rid of Galaxy from booting up at start, and never save passwords on your computer to log in automatically for convenience. Whether it's stolen or hijacked, you leave your life open to whomever is prying into it. And NEVER... NEVER use free public wifi.
It's very unlikely that different users have a common friend. Do you accept every friend invitation from unknown [bot]? I agree that there is a big chance of software leak, could be even a case with insider's job, maybe revengeful ex-programmer fired for disciplinary transgression. Most probably just a hacker group who likes to hack every popular service available from MS Internet Explorer to iPhone to Galaxy.

The option of SMS verification is quite good and not new, and it might be a bit expensive for a small company. Could be added in future though.

Me too, don't like those apps booting up my RAM right away. There are many sneaking apps though like 10 to 12 Google auto update services on my comp, hard to kill ;)
FoxbodyMustang: And NEVER... NEVER use free public wifi.
The "-L" option of SSH fixes that.
Cadaver747: So perhaps a hacker with some tool can get your associated IP, then break into your GOG Galaxy account credentials and emulate *your* session somehow. It's only my thinking, I'm not a tech specialist.
Possible! Man-in-the-middle on packets that contain a session key, that is still active. I am a tech specialist, but not security specialist. To sniff something like this via WiFi packet inspection tool, if network is not encrypted (WEP or none) and then start bruteforcing it. Nothing that I say here is secretive, so if Galaxy indeed keeps network connection or has no one-time certificates, it's theoretically possible to hijack the (still open) session and commit illegal activity. Those damned Russians! )
Post edited September 06, 2015 by Lin545
In Russia, account changes YOU!
Atlantico: In Soviet Russia, account changes YOU!
*fixed for you*

PS.
In USA, you are your account!
Guess they are still at it. Now GOG support wants the game key for Witcher 3 that I purchased elsewhere but registered on GOG for the DLCs. Even after I sent them a copy of the email I received. That smells big time. Guess there is a problem deciding if I actually changed my email on an account setup on my Tampa, FL email address to a Russian email address.