It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionMy account has been hacked(50 posts)(50 posts)
(50 posts)
Pages:
1
2
3
4
This is my favourite topic
Posted September 01, 2015
low rated
avatar
SolrakSG: Hi,

Since the 18th of August, a hacker got into my account (somehow guessed my password) and has been using it ever since (over 50 hours of gameplay in The Witcher 3 already). I contacted GOG support and they helped me to get a new password so I could access my account again and change the password.

Unfortunately, GOG Galaxy seems to have some kind of autologin, it logs in as soon as you open Galaxy without asking for your email and password (Even though it was changed!). For that reason, I am the only one who knows my password, so the hacker cannot change it again, but he is STILL ABLE TO ENTER Galaxy and access my library.

I want to get rid of this hacker, and get back my private account, so that only I can play the games I paid for. So my question is: Is there any way to force him to logout from my account in GOG Galaxy so that he is required to enter the password when he opens Galaxy the next time? I guess he will still be able to play The Witcher 3 offline, but at least we won't be able to steal any other games from me.

Thank you!
avatar
fr33kSh0w2012: Hello
I want to tell you something I think I know who has hacked into your account
this is the same fiend that has been downrepping everyone
I have an Idea Logout of galaxy
Log back in
and type in your New password it just may work
A friend of Mine said that someone here is a programmer and a hacker who hacks peoples accounts
you said they are Russian?
Did you buy Terraria at any stage?
because they have been playing that too I've noticed
This person Likes Playing with peoples accounts also
you Need an IP blocker tool
download.cnet.com/Advanced-IP-Scanner/3000-18508_4-10115592.html
Look up all the Major Russian IP's and BLOCK them ALL of them if You have to!
Here
nirsoft.net/countryip/ru.html
or just use the easy way, drop a nuke to russia :P
Posted September 01, 2015
avatar
darthspudius: has anyone with more than 2 rep been hacked?
He posted it in a Spanish forum, and has a lot of rep there. But at least you can give him the benefit of the doubt. :-)
Posted September 01, 2015
avatar
Jinxtah: Well that's a bit worrying if that auto login with no credentials required thing is accurate. That means he can just use your account endlessly, and not to forget abuse your credit card info to just buy games through the client (assuming that's possible with stored CC info).
as someone already said, GOG does not have a "wallet", it does not store such credit info/data on you. but go ahead and just use paypal instead.

i swear all of you "new user" types love misinforming and implicitly shilling for paypal and other not exactly secure 3rd party services.
Post edited September 01, 2015 by dick1982
Posted September 01, 2015
avatar
Cavenagh: Poor russian cracker, of all the accounts, he had to crack SolrakSG's

s/he must have been very disappointed with the lack of games in your account :P

just kidding

Always scan your system for trojans / keyloggers before you shutdown and after you boot up, it only takes five minutes [with malwarebytes for example].

all the best
thanks for your help! yep, just used malwarebytes and I had a trojan that I did not detected with my antivirus... well I got rid of it already!

BTW, how can you see other people's accounts / libraries? Just curious! :)

avatar
hafizadam: one question though - how do you know you have been hacked?
(suddenly I become paranoid someone might already hacked my account without me realizing it)
Just because I had The Witcher 3 in my account and, due to lack of time, I haven't started it yet. I entered my profile and saw that I had 2 achievements unlocked and several hour of gameplay registered... :/

avatar
Magnitus: The trick to sufficient security is to make it hard enough for would-be attackers that the effort vs reward ratio is not worth it. I find it's a great rule of thumb to remember.

Real hackers compromise entire web sites or at least target very wealthy individuals for a lot of money.

Nobody will invest significant amounts of time "hacking" individual GOG accounts. It's just not valuable enough.

If they broke into your account, it's because you made it ridiculously easy for them to do so. I recommend you review your habits and try to guess where you got complacent.

For example, one of my friends kept getting his emails hacked. He'd change it every year or so. I found his claim that web mails are extremely easy to break into dubious, because I got mine for a very very long time.

Finally, I decided to fish a little bit while we were waiting at the restaurant and asked him questions about his habits.

Turned out he used the same password everywhere so essentially, he was giving away any website he registered to his email account and the password to login to it!

95%+ of security is not arcane arts, it's caution and common sense.
Thanks for the tips man, will try to improve my security habits! ;)
Posted September 01, 2015
avatar
dick1982: "fuck1234"
I'll bet tinyE uses that as a password on everything .
Posted September 01, 2015
avatar
Jinxtah: Well that's a bit worrying if that auto login with no credentials required thing is accurate. That means he can just use your account endlessly, and not to forget abuse your credit card info to just buy games through the client (assuming that's possible with stored CC info).
avatar
dick1982: as someone already said, GOG does not have a "wallet", it does not store such credit info/data on you. but go ahead and just use paypal instead.

i swear all of you "new user" types love misinforming and implicitly shilling for paypal and other not exactly secure 3rd party services.
Calm down there. I wasn't misinforming. I even put an entire line about it would only be possible assuming it would be possible with stored CC info. I've always used paypal here, so I didn't know, which is why I put that in there.

Also, I've been here a hell of a lot longer than you, pal. I just haven't posted as much. Big deal. Please refrain from being a douche. I did exactly nothing to deserve that. I didn't shill for paypal and certainly not for any less secure 3rd party service. What the fuck are you even on about.
Posted September 01, 2015
auch! it sounds as DNS Unlocker scam!
Posted September 01, 2015
avatar
CharlesGrey: Also: Another reason not to use Galaxy, since the hacked accounts always(?) seem to be Galaxy users.
They aren't all Galaxy users if I remember correctly. Though as far as I've understood, all of them are accounts with The Witcher 3.
Posted September 01, 2015
avatar
dick1982: as someone already said, GOG does not have a "wallet", it does not store such credit info/data on you. but go ahead and just use paypal instead.

i swear all of you "new user" types love misinforming and implicitly shilling for paypal and other not exactly secure 3rd party services.
avatar
Jinxtah: Calm down there. I wasn't misinforming. I even put an entire line about it would only be possible assuming it would be possible with stored CC info. I've always used paypal here, so I didn't know, which is why I put that in there.

Also, I've been here a hell of a lot longer than you, pal. I just haven't posted as much. Big deal. Please refrain from being a douche. I did exactly nothing to deserve that. I didn't shill for paypal and certainly not for any less secure 3rd party service. What the fuck are you even on about.
I guess he was being a bit of a dick there. *ba-dum-tsh*
avatar
CharlesGrey: Also: Another reason not to use Galaxy, since the hacked accounts always(?) seem to be Galaxy users.
avatar
Maighstir: They aren't all Galaxy users if I remember correctly. Though as far as I've understood, all of them are accounts with The Witcher 3.
Hm, how could that be the cause? I mean, I know it's one of the most desired ( and most valuable ) games available on GOG, but how would hackers know which games someone owns? I guess it could be coincidence, since an awful lot of GOG users own a copy of the Witcher 3, especially most new users.

Also, the retail version of Witcher 3 seems to install Galaxy by default ( although it can be launched without it ). Not sure if the download version also installs the client.
Post edited September 01, 2015 by CharlesGrey
Posted September 01, 2015
avatar
CharlesGrey: Also: Another reason not to use Galaxy, since the hacked accounts always(?) seem to be Galaxy users.
avatar
Maighstir: They aren't all Galaxy users if I remember correctly. Though as far as I've understood, all of them are accounts with The Witcher 3.
Though that could still be because TW3 is the big draw and hacked accounts without TW3 aren't "commercially viable" for hackers to be selling them in the first place.
Posted September 04, 2015
avatar
Maighstir: They aren't all Galaxy users if I remember correctly. Though as far as I've understood, all of them are accounts with The Witcher 3.
avatar
Randalator: Though that could still be because TW3 is the big draw and hacked accounts without TW3 aren't "commercially viable" for hackers to be selling them in the first place.
Most likely, yes. I wasn't insinuating there's a security flaw in the game.
Post edited September 04, 2015 by Maighstir
Posted September 06, 2015
LOL my computer got cracked last night, I was playing borderlands 1, and alt-tab out to see the latest football scores, and I couldn't close firefox or bring the Task manager. up.

So I rebooted, and the fecker changed my login password for both win7 and winXP. Took me ages to recover windows 7, then I lost dual boot. I downloaded a program EasyBCD to get dual boot back. now all I had to do was reset my password on windowsXP.

I had to be a bit naughty and download a "Trial" of Active password recovery. and was able to remove the password from windowsXP via win7.

Had a look at my routers firewall log, someone did a IDS parse scan, and showed the IP address 68.116.5.134 [past that IP address into google, the anti hacker group are after them!]

Anyway I put that IP in my host file 127.0.0.1 68.116.5.134

Just goes to show it can happen to anyone, the thing is, I have netbios turned off, so shouldn't be giving out any username info.

All is back to normal now., they don't seem to have done any harm to my system [most prob got distracted by all my nice vids lol }

All the best
Post edited September 06, 2015 by Cavenagh
Posted September 09, 2015
Sorry to hear that man! But I'm glad everything turned out all right in the end!

I've waited this whole week to confirm if the problem was solved after Firek helped me out (I contacted him via PM), and the gameplay timer hasn't increased, so I guess that's it!

Well thank you all for your help guys! ;)
Posted September 09, 2015
avatar
Cavenagh: Anyway I put that IP in my host file 127.0.0.1 68.116.5.134
That's not how it works. The hosts file translates domains to ip's. It cannot redirect an ip to another ip.
Posted September 09, 2015
avatar
Cavenagh: Anyway I put that IP in my host file 127.0.0.1 68.116.5.134
avatar
classicgogger: That's not how it works. The hosts file translates domains to ip's. It cannot redirect an ip to another ip.
So why is it, when I put facebook and twitters IP's in the host file, firefox can't conect to them.
Post edited September 09, 2015 by Cavenagh
Pages:
1
2
3
4
This is my favourite topic
Community
General discussionMy account has been hacked(50 posts)(50 posts)
(50 posts)