Please do not call script kiddies, DDoSers and other sons-of-bitches trying to steal people's personal data and then sell them, a hacker.
keeveek: Please do not call script kiddies, DDoSers and other sons-of-bitches trying to steal people's personal data and then sell them, a hacker.
True, malicious attackers are crackers.
Hackers are those with ethics (that usually work for IT).
KingofGnG: And remember, my friends: cloud computing is ze future!!! -_-"
better cancel your account here then, they have your emeelz!
TheCowSaysMoo: better cancel your account here then, they have your emeelz!
At least on GOG.com I can download my shit.....
reaver894: If I change my password to the same thing does that count? O.o
I don't see why it wouldn't.
lukipela: No system is secure if it can be connected to remotely.

All you are seeing now is that companies actually report it.

You don't hear about a lot of it because companies, especially banks, do not report it because it would hurt their stock prices.

Edit: I have had my Gmail hacked before, even though my password is 16 random characters and I scan for keyloggers and such twice a week and have never found one. If someone is determined and smart enough, they are going to succeed.
In the US it's been quite some time that not telling affected users would be a big-time violation of the law, one of the ones that's actually enforced. Especially financial institutions are very cognizant of this fact. The idea that you've had your stuff stolen for years and your bank has said nothing is pretty much a load of horse crap. Banks get very frequent audits by very uptight, very not nice people. Violators get massive fines. As well, when Visa says "Jump fuckers" the banks comply.

Of course, there may be violators, but they're small and stupid and probably have little to lose in the way of assets.
TheEnigmaticT: This may be another good moment to point out that we just amended our privacy policy because, as hard as we work to keep all of our stuff secure, the less data we keep the less sensitive data can be hacked from us by someone malicious.
It really needs to be emphasized just how much security this actually adds - if data isn't stored then it can't be stolen. Looking through my account settings it appears that even if GOG's user database got completely pwned the only things the attackers would come away with are e-mail, date of birth, country of residence, and password (presumably hashed). No CC info, no home address, not even names. The only potential damage from this would be phishing attempts using the e-mail list, and potential access to weaker passwords if the attackers take the time to figure out the passwords with rainbow tables (probably not worth their time, and possibly not even an option if the hashes also contain a salt).

It's very much appreciated that GOG takes the simple but highly effective step of minimizing the amount of user data stored, and it's unfortunate that many companies don't do this.
keeveek: Please do not call script kiddies, DDoSers and other sons-of-bitches trying to steal people's personal data and then sell them, a hacker.
Protoss: True, malicious attackers are crackers.
Hackers are those with ethics (that usually work for IT).
That's part of it, but those folks in the modern era don't typically have the skills necessary, even if you discard the moral dimension.
Yep. I don't think that anybody who uses an exploit written by someone else should be called even a cracker.
lukipela: Good argument. "Someone check on them so..yeah..RESPECT AUTHORITY"
Paranoia is good and all, and I have a basic distrust of these fuckers, I just happen to know your suspicion is bunk. You may check on it yourself if you wish, in fact I suggest you do, no reason to trust me.

No respect required.
keeveek: Yep. I don't think that anybody who uses an exploit written by someone else should be called even a cracker.
Everyone stands on the shoulders of everyone else, always has. Judge them by their skill and knowledge. I wouldn't judge a mechanic as being horrible just because he didn't cast his own tools or used diagnostic equipment.
Post edited May 14, 2011 by orcishgamer
Everyone stands on the shoulders of everyone else, always has. Judge them by their skill and knowledge. I wouldn't judge a mechanic as being horrible just because he didn't cast his own tools or used diagnostic equipment.
And this is the difference between a mechanic and an engineer. And this is also the difference between a script kiddie and a hacker or a cracker who writes his own exploits.
Post edited May 14, 2011 by keeveek
Everyone stands on the shoulders of everyone else, always has. Judge them by their skill and knowledge. I wouldn't judge a mechanic as being horrible just because he didn't cast his own tools or used diagnostic equipment.
keeveek: And this is the difference between a mechanic and an engineer. And this is also the difference between a script kiddie and a hacker or a cracker who writes his own exploits.
I assumed that was what you were getting at. It's trivial to rent botnet capacity if you know where to look, as is buying toolkits to create your own, but a lot of the tools available now are barely any harder to work with than the normal ones that are included with the OS, an increasing number of them are point and click style GUIs.
Don't let GOG be hacked please let GOG be the one with the best security =D
keeveek: And this is the difference between a mechanic and an engineer. And this is also the difference between a script kiddie and a hacker or a cracker who writes his own exploits.
hedwards: I assumed that was what you were getting at. It's trivial to rent botnet capacity if you know where to look, as is buying toolkits to create your own, but a lot of the tools available now are barely any harder to work with than the normal ones that are included with the OS, an increasing number of them are point and click style GUIs.
Using what's already been done so you can concentrate on novel stuff is the mark of someone who's competent, not incompetent. Not that there are not incompetent crackers (and any other skill/profession) out there, there are. Your metric is oft repeated, but it smacks of bullshit if you spend any time thinking about it.
orcishgamer: Using what's already been done so you can concentrate on novel stuff is the mark of someone who's competent, not incompetent. Not that there are not incompetent crackers (and any other skill/profession) out there, there are. Your metric is oft repeated, but it smacks of bullshit if you spend any time thinking about it.
Not really, perhaps to those that don't have any knowledge relevant to the situation it might seem that way. But these tools are created and tested the way that conventional software is, which is to say that the tool kits never are completely up to date.

What's worse is that the actual crackers out there with any talent at all aren't going after servers with known vulnerabilities, they're going after ones which haven't yet been cracked, just about anybody can take down a server with a known vulnerability and you can frequently find out what the basic environment is with little effort.

The ones that are actually worth worrying about don't need to rely upon the server to be running unpatched software to get in.

Like I said, the guys using that sort of software are typically less talented than others are, and anybody who gives it some thought would see that.