It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
low rated
avatar
DreamedArtist: at the end of the day I've been having no issues with my account and never had issues with the log in system for a long time and I think the OP has a lot more detail for this issue and can give them way more information than my hazy memory can lol.
I found out that when you add cheese on top of Kraft Dinner it adds a extra layer of suspense that can only be enjoyed by best of us. When adding Cheese to anything you can change reality and things surrounding you and loved ones for minutes at a time, Just think of it for a second.

Lastly if you have a thing for 3 layer cheese noodles you "CAN" add one more layer and this is called tyranium. this is what men dreamed of for years and is now part of your daily dinner dish.



Thanks and enjoy your stay at the GOG forums.
avatar
FlockeSchnee: I apologize for post 121.
Apology accepted. Let's talk like adults.

Look, I get it. The whole thing is sketchy as fuck and I'm not going to blame anyone for being suspicious, even though I'm sure they can voice their suspicions in a more constructive manner than comparing me to killers or insinuating that I created a mess for gog. Sorry, gog created a mess, I just pointed my finger and said "Look, guys, a mess! Better clean this up". Or, to quote Reservoir Dogs: "I didn't create the situation, I'm dealing with it."

I'm aware that making a gloating thread in the forum is neither subtle nor discreet. But ask any forum regular and they will confirm to you that gog has a massive communication and transparency problem (look no further than post#101 for a perfect example of lacking communication skills - that post being high rated, despite dismissing a serious issue, completely blows my mind). Gog won't admit to anything going wrong until there is some ruckus about it. And since this is a rather concerning issue, I figured I'd rather let everyone know instead of keeping things under wraps by contacting support and hoping for the best. With the exception of the blue posts in this thread, I haven't heard back from gog since I opened this thread 6 days ago. Which kind of confirms I made the right call telling everyone on the forum right away.

Also, regarding your concerns about the ethics of taking screenshots of the other guy's library: I actually agree. I also agree that posting from someone else's account without their permission is unethical. Under normal circumstances. But given the outrageous nature of my claims, I'm sure people would need some hard evidence. Evidence that can't just be handwaved away. To use your own example: Someone leaves their door open. Now, let's say that this person is a friend and a very special brand of bonehead. So after finding his door open, I tell him "Dude, you left your door wide open!". Bu that person won't believe my story and replies with "I’ve completed a thorough analysis and I did not identify any open doors. According to the investigation, no such situation has ever happened to date, and we can assure you my apartment is safe." If I was smart enough to secure evidence, I can put on my best trollface and go "OHRLY?!" and show him the pictures from inside his apartment. At that point, even they should realise that there is something very, VERY wrong going on.

So, in the interest of full disclosure: I accessed the forum and the wishlist, but that was before I realised that I was in someone else's account - gog's logs should probably confirm that the stuff that was accessed around that time was much more in line with my browsing habits than the Chinese guy's. After finding out I was in someone else's account, I accessed the guy's library and his wishlist - to find out whether that was even possible and to gather evidence in the form of screenshots. Speaking of ethics, the contents of users' libraries is something that gog all to happily makes public at any turn of the way - something I vocally opposed on this very forum numerous times in the past. And I stand by what I said in my first post, I did NOT access any sensitive personal information (i.e. checking out anything you'd find under "Your wallet" or "Privacy & Settings"). I'm sure gog will happily back me up on everything I said.

Ultimately, it's very much a take-it-or-leave-it situation. Either you (not you personally, but everyone reading this) believe my story or you don't. Whichever you choose makes no difference to me. Besides, even if you believe the story, there is little you yourselves can do apart from staying vigilant and reporting any irregularities. You either get affected by this glitch or you don't. The only party who should REALLY be listening is gog. Did I mention I haven't heard from them about this issue in 6 days?
Heartbleed 2014 issue - Google for it.
high rated
avatar
fronzelneekburm: (look no further than post#101 for a perfect example of lacking communication skills - that post being high rated, despite dismissing a serious issue, completely blows my mind)
I've noticed a while ago that pretty much any reply from a blue gets highrated, regardless of content, like people are just honored and grateful beyond measure that the gods deem us mortals worthy of speaking to at all.
avatar
fronzelneekburm: [...]
I've read the whole thread but I fear I'm missing an info. Is there any particular reasons your account is also located in China ? I feel like I've read your explanation somewhere, but maybe I didn't and my brain is just playing tricks, it happens.

avatar
Breja: I've noticed a while ago that pretty much any reply from a blue gets highrated, regardless of content, like people are just honored and grateful beyond measure that the gods deem us mortals worthy of speaking to at all.
Meh, probably the same reason some out here get their messages downvoted for no reasons. Also, what is it with moderation and the color blue ? Is that like an internet dress code I'm also unfamiliar with ?

To be more serious, it's probably because this issue is frightening and them not admitting to any problems can feel reassuring. I'd wish for a huge blue post saying "Nah, GoG is financially fine and we're never going away." but alas. I just hope it's taken seriously, I don't want to worry about my account safety above all else :p

Also, yes, I did upvote your message, kind of you to notice!
low rated
avatar
Deadmarye: (…) Also, what is it with moderation and the color blue ? Is that like an internet dress code I'm also unfamiliar with ?(…)
I don't know any reason, but that kind of blue is usually used by right-wing political parties.
avatar
mk47at: I don't know any reason, but that kind of blue is usually used by right-wing political parties.
...
dude, c'mon
avatar
Deadmarye: I've read the whole thread but I fear I'm missing an info. Is there any particular reasons your account is also located in China ?
Because I'm currently physically located in China. That's why I said it may have been possible that I was at some point using the same public Wifi as the other guy (but that's just my theory).

avatar
.Kaby: Heartbleed 2014 issue - Google for it.
Oh, I wish I could, but I can't (see above).

What I can do is search for the same thing on the next best thing that isn't blocked in China - in this case google's mentally stunted stepcousin Bing.

It took me to a US GOV address that tried to explain the issue to me with a bunch of technical mumbo jumbo that I couldn't make heads or tails of. Something about "exploiting" a "vulnerability" (which kind of implies someone actively doing something out of malicious intent).

Here's the thing: Opening your browser, putting in the gog.com as the URL, checking out the front page, going to the forum and then noticing that you're already logged in as someone else doesn't really count as "exploiting" a "vulnerability", does it?

avatar
Breja: I've noticed a while ago that pretty much any reply from a blue gets highrated, regardless of content, like people are just honored and grateful beyond measure that the gods deem us mortals worthy of speaking to at all.
I usually refrain from commenting on something like this out of fear of sounding paranoid, but let's just say it hasn't escaped my attention. ;P



PS: Another 24 hours and still no word from gog.
avatar
fronzelneekburm: PS: Another 24 hours and still no word from gog.
Yeah, they're being pretty shitty about ticket response time. I've had other less-pressing issues also get ignored. I'd think this one is a priority, but I guess not. So how about fixing your broken game store or anything instead of ignoring us, GOG?
avatar
fronzelneekburm: PS: Another 24 hours and still no word from gog.
avatar
paladin181: Yeah, they're being pretty shitty about ticket response time. I've had other less-pressing issues also get ignored. I'd think this one is a priority, but I guess not. So how about fixing your broken game store or anything instead of ignoring us, GOG?
The good news is that they got in touch with me a few hours ago. They also got my reply by now. And from their message I'd say they're on the right track to get this thing sorted out.
avatar
fronzelneekburm: Because I'm currently physically located in China. That's why I said it may have been possible that I was at some point using the same public Wifi as the other guy (but that's just my theory).
Ah yes, now its definetely my brain playing dumb ! Hope they will fix this issue.

For some reasons today while wanting to browse GoG at home on my phone through Wifi I wasn't automatically logged in. Now I moved and I'm on 4G, it logged me directly without any input.

Ain't saying it is something but maybe these info could help.
low rated
Is this news or something?

Remember when CDPR got hacked, lost 1.8 MILLION accounts to hackers in one of the biggest data heists in the gaming sphere, and then told people immediatel... oh wait, they told customers nine months after the fact, right. That was fun, wasn't it?

Remember when CDPR introduced user profiles on GOG, gave forumites three days' warning that they'll broadcast their data everywhere without a chance to make those profiles completely private? Remember when non-forumite customers got totally bowled over with it, and people had to protest for a full week for GOG to introduce a provisional profile kill switch that still remains in its unprofessional/provisional form even today? Remember that? Good times.

Remember when GOG was all "we'll toooootally respect your privacy" when they introduced Galaxy 2.0, because you absolutely want to trust those guys with all your other accounts so you "have all your games in one place"?

GOG is a massive security risk. It has never been any different, it just got worse.
avatar
Vainamoinen: Remember when GOG was all "we'll toooootally respect your privacy" when they introduced Galaxy 2.0, because you absolutely want to trust those guys with all your other accounts so you "have all your games in one place"?.
While I don't know how Galaxy 2.0 handles login credentials for third party sites I imagine most who will use it have already given GOG their Steam info for Connect so probably not too much more dangerous for them.
low rated
avatar
Vainamoinen: Is this news or something?

Remember when CDPR got hacked, lost 1.8 MILLION accounts to hackers in one of the biggest data heists in the gaming sphere, and then told people immediatel... oh wait, they told customers nine months after the fact, right. That was fun, wasn't it?
Note that's a farily bad misrepresentation. What they disclosed was when they suspected that the attack occurred. Not that they saw the attack and then waited.

Remember when CDPR introduced user profiles on GOG, gave forumites three days' warning that they'll broadcast their data everywhere without a chance to make those profiles completely private? Remember when non-forumite customers got totally bowled over with it, and people had to protest for a full week for GOG to introduce a provisional profile kill switch that still remains in its unprofessional/provisional form even today? Remember that? Good times.
Literally unrelated to whats going on now.

Remember when GOG was all "we'll toooootally respect your privacy" when they introduced Galaxy 2.0, because you absolutely want to trust those guys with all your other accounts so you "have all your games in one place"?
And again what does this have to do with privacy? Are you just like making stuff up now? You're now talking about basically a product that isn't public and making up FUD. SHow me their OpenID protocol implementation first then come back to the adult table.

GOG is a massive security risk. It has never been any different, it just got worse.
GOG has some issues but nothing you're talking about is even relevant
Post edited June 11, 2019 by satoru
high rated
Whazzup, forumites!

Considering that gog had the delightful idea to enable you (and other people hypothetically accessing your account) to circumvent having to enter that pesky paypal login information, I thought now would be a good time to inform you on recent developments regarding that "ending up in other user's accounts"-issue I've been experiencing.

So, here's what I know:

- According to chandra, this issue only affects people in Mainland China.

- According to chandra (in a mail dated July 4th), a fix has been implemented.

And indeed, gogtech implemented some sort of band-aid solution, which prevents people ending up in your account from doing harm. HOWEVER, the root of the problem apparently hasn't been fixed, since I've had another instance of ending up in someone else's account (and it wasn't the same guy as before). I'll reproduce the PM I sent to chandra on July 11th about this in full:

Hi chandra, I'm copypasting a reply I would have sent through support re: the China log-in issue but couldn't because the gog support page sucks donkey dick in its current state. Anyways, here's the message:

Hi doodz!

This is a follow-up inquiry about this one issue I've been having where browsing gog logged me into the account of a random Chinese guy.

Turns out the issue still persists. When I browsed the forum via a public Wifi network from my (REDACTED) device, the "Topics I've participated in" tab showed up (even though I wasn't logged in) and a random Chinese thread was listed (which I DEFINITELY haven't participated in - neither did the other Chinese guy whose account I was recently logged into, which means that I was in yet another random person's account!). Looking at the GD forum one of the giveaway threads was bookmarked.

Chandra assured me a fix has been implemented. That's not entirely untrue: I didn't know whose forum history I'm seeing and the "Sign in" button was still there. In other words: I couldn't access the guy's account/library. So SOME band aid solution to the problem has been implemented, minimizing the possibility for random visitors to cause mischief. HOWEVER, it seems that the underlying problem hasn't really been fixed at all.

Best regards,
fronzelneekburm

Please feel free to forward this to the tech staff. Thank you!
Make of that what you will. Just letting you know.

tl;dr:

- If you use paypal on gog, do you have to worry that someone is going to randomly get logged into your account and go on a shopping spree? Errr... most likely not. Unless (if we're to believe chandra) you're located in Mainland China and even then, gog have apparently fixed this problem to such a degree that you can't access some stranger's library or buy games with their account.

- Would I, personally, trust gog to not screw this new paypal implementation up royally? Hahaha, HELL NO!!!! To be honest, the news of this new paypal implementation left me absolutely baffled. But as Breja so eloquently put it "I don't even have the energy and the passion to rage". Still, seeing as some of you have rightfully voiced their concerns in the paypal thread, I thought it would be fair to let you know about the current state of things re this login issue. So, there you go.
Post edited August 01, 2019 by fronzelneekburm