tag+: May I ask
fronzelneekburm?
fronzelneekburm: You may, but in all honesty, you'll find the answer to most of these questions in the corresponding thread. As you can see, this was some time ago and my memory is hazy on the details, so I honestly recommend reading the thread instead. I'll link you to the relevant bits.
tag+: -What was the GOGs answer given?
fronzelneekburm: This was their initial reply, which was shocking, to say the least.
They eventually DID get in touch with me and implemented some sort of band aid solution (at least I didn't get accidentally logged into someone else's account since then), but they never got into the nitty gritty of what actually CAUSED this little mishap.
tag+: -Did it include a root cause and fix, ...or at least a promise?
fronzelneekburm: Here's a quote from the relevant mail I got from gog support on July 4th (roughly a month after I had first reported the issue):
"Just wanted to let you know that a fix has been implemented. We’re still monitoring the situation but we
haven’t received any new reports of the issue"
Please also note
this post from roughly a month later. So, they implemented some crappy band aid solution, which did, however, work well enough that it never happened to me again. But the thing paladin181 describes (logged into an account from a tablet despite never having logged into that account from this tablet - DESPITE 2FA) sounds EXACTLY like what happened to me a couple of years ago.
tag+: Did you try to contact Xiaozhuzi?
fronzelneekburm: I'm afraid I didn't, I probably should have. Firstly, I had no idea what to write to the guy without coming across as a scammer or a blackmailer ("Yo, dude, I got like, logged into your account or something!"). Just a very awkward situation and I was banking on gog contacting the guy. In fact, at the time I probably felt that it was gog's obligation to do so, I felt had already done my part by informing the community at large via the forum thread.
tag+: Do you remember how many games Xiaozhuzi had the day of the incident?
fronzelneekburm: Can't really remember, but it was probably enough for gog to realize that the account wasn't some alt I made for cheap laughs.
You are right, the answers to my curiosity are on the thread. I'll read it carefully
Let me tell you one personal reason to take you serious and be curious:
Once upon a time my veteran email account on a big boy free provider started receiving emails from a stranger: an individual without a Kreitsi annd hebideent spam source, my email address totally correct, containing coherent information (work stuff) and directed to this XY person
-Meh, wrong address folk!: A rule to the junk folder and never read those emails! (by security & legal reasons)
Was my initial reaction
The problem was when big boy companies (phone, vendors) also began sending emails to XY to my inbox...
-Whatta!... The spam folder was not a solution anymore, Agree?
My email provider wasn't guilty nor responsible either...
And this XY seemed unaware of the problem either (missing all those emails)
So an executive decision, yet effective was needed... from me
I had to lift my selfban and skim some emails from the phone company to find out the number of XY
After a couple of -international long distance- call attempts, someone finally answered...
and out of luck wasn't XY...
Language/cultural barriers -maybe- whoever I explained the urgency/situation did not get it so I desisted
Next: I replied to those clueless senders asking them to stop emailing XY to my email because was futile.
Yeah, some bullheaded needed calls to some managers to tell a human to stop emailing me under their own entire responsibility of disclosing/risking private XY info by their lack of action
Fortunately, after all my time & energy wasted on it, the volume reduced and I moved to another provider!
What I'll never know if the damn XY ever realized the situation and why the fck my email got involved.
While you had the opportunity with the affected person :)
Maybe we could start a club (org?!)...
Cases like that, first hand experienced, force us big time to approach things differently
Because the spectators, comfortably sit, lightly discard/tag the whole situation to sleep carefree
By the way, I understood OP complains because his wife did not get the 2FA, not that she was loged in automatically without a password. But
paladin181 can clarify it
Many thanks for sharing with all it involves
fronzelneekburm!
Now, lets tell some jokes about 2FA to sleep carefree as well... :)