My gog account got hacked!!!

GUYS, this is urgent! About an hour ago I got an automated E-mail from GOG that my account's E-mail has been changed by someone from Korea.

This is very concerning BECAUSE I HAVE TW3 on it!!!! Also, are my credit card information and E-mail address exposed?!!!

I am posting here because I am still logged in here and I hope someone relevant will see this. I have already sent a message to support but I haven't got a response yet.

GET YOUR SHIT TOGETHER! Blizzard has Authenticators, Steam has Steamguard and even Origin has better security measures than you. I did not even get a SINGLE e-mail asking me whether the change is legit. That is not acceptable.
 
Gog doesn't store billing info, so no need to worry about that. Not much else you can do other than talk to support, which you've done already. Your e-mail address (without its password, obviously) is on display, though.
 
Idk, can some of the moderators forward this to the relevant people? I don't want so much time to pass that it becomes untraceable or something.
 
You could try posting a thread about it on GoG and maybe one of them will see it sooner. Sometimes support takes a couple days to get back. As a tip for passwords, obviously you should change them once in a while and just use letters and characters, never words.
 
Alright well then can anyone help me out with this? I can't log in to the GOG forums so I can't post. Can someone please start a thread over there with a link to this one?
 
OK GOG really needs to improve their security. I went to change my password (saved session) and it let me do it without any confirmation, such as my previous password or through a two step email confirmation message. It simply notified me I had changed it. I assume the same thing happens if you change your email address.

Holy shit GOG. We have valuable stuff in there!
 
I have recovered my account. Thank GOD! They really need to add SMS protect or something.

OK GOG really needs to improve their security. I went to change my password (saved session) and it let me do it without any confirmation, such as my previous password or through a two step email confirmation message. It simply notified me I had changed it. I assume the same thing happens if you change your email address.

Holy shit GOG. We have valuable stuff in there!

I can confirm everything he said. Holy shit.
 
That's great octavian.

But IMO SMS is a bit invasive. Just a regular two-step email confirmation process will suffice. And the website should request your previous password.

Of course if someone gets a hold of your password there's little you can do. So try to use unique sequences for each service. And something very strong for your main email account.

The other day I found somebody saved their Facebook session on a shared lab computer. Lucky for that guy it was me who found it and cleared his saved passwords. But the lesson is security is also our responsibility.
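Added example, not part of the original thread and not GOG's code: a minimal sketch of the two controls asked for above, next to the session-only behaviour reported in the thread. The `Account` class, its method names, the in-memory `outbox` and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900  # seconds a confirmation token stays valid (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:  # hypothetical model, not a real service's API
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.pending = None  # (sha256 of token, new_email, expiry)
        self.outbox = []     # stands in for outgoing mail: (recipient, text)

    def change_email_session_only(self, new_email):
        """Behaviour reported in the thread: a saved session is enough."""
        self.email = new_email
        return True

    def request_email_change(self, current_password, new_email, now=None):
        """Step 1: re-authenticate, then mail a one-time token to the OLD address."""
        now = time.time() if now is None else now
        supplied = hash_password(current_password, self.salt)
        if not hmac.compare_digest(supplied, self.pw_hash):
            return None  # a stolen session without the password stops here
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self.pending = (digest, new_email, now + TOKEN_TTL)
        self.outbox.append((self.email, f"Confirm change to {new_email}: {token}"))
        return token  # returned only so the example can be exercised

    def confirm_email_change(self, token, now=None):
        """Step 2: apply the change only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False
        digest, new_email, expiry = self.pending
        self.pending = None  # single use: any attempt consumes the request
        if now > expiry:
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), digest):
            return False
        self.email = new_email
        return True
```

Only a hash of the token is stored, so a leak of the pending-change record does not reveal a usable confirmation link.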
 
I thought a word with an upper case and ending with "123" was enough. I use a stronger combination of numbers now.
 
 
That example with the horse isn't good. The comic is seriously misleading. Such passwords aren't strong because they use dictionary words and they should be avoided. See https://en.wikipedia.org/wiki/Dictionary_attack

The comic is assuming passwords are cracked on a character basis and not on a human habit (words) basis.

I don't know anything about security but why are they assuming a capital letter adds only one bit? Each character can be any entry in an encoding system like Unicode, regardless of our prior knowledge about capitalizing alphabet letters. They're different symbols. Conveniently though this prior knowledge is not considered to support the second case, using dictionary words.
 
@volsung: Entropy usually means a number of allowed characters to the power of length. And bits simply means you count that entropy as powers of 2. So I understood it in a way that in the case of adding capital letters (in addition to lower case ones), you are doubling the number of participating characters, which equals adding one bit: https://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

---------- Updated at 12:52 PM ----------

See also: https://diogomonica.com/posts/password-security-why-the-horse-battery-staple-is-not-correct/
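Added example, not part of the original thread: the two ways of counting discussed above, side by side, as a strength estimator a defender could run. The six-word sample list, the assumed dictionary size of 2048 and the "words, optional leading capital, trailing digits" template are constructed for illustration.

```python
import math, string

WORDLIST_SIZE = 2048  # assumed size of the dictionary the words come from
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "dragon", "monkey"}  # constructed
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]  # ASCII classes only

def charset_size(pw):
    """Pool size implied by the character classes present in pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def char_bits(pw):
    """Per-character model: pool ** length, counted in bits."""
    pool = charset_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def split_words(s, words=SAMPLE_WORDS):
    """Return dictionary words that concatenate to s, or None if impossible."""
    if not s:
        return []
    for i in range(1, len(s) + 1):
        if s[:i] in words:
            rest = split_words(s[i:], words)
            if rest is not None:
                return [s[:i]] + rest
    return None

def word_bits(pw):
    """Habit model: dictionary words + optional leading capital + trailing digits."""
    body = pw.rstrip(string.digits)
    n_digits = len(pw) - len(body)
    parts = split_words(body.lower())
    if not parts or body[1:] != body[1:].lower():
        return None  # password does not fit this template
    bits = len(parts) * math.log2(WORDLIST_SIZE)
    if body[0].isupper():
        bits += 1  # capitalised-or-not is one yes/no choice for the whole password
    return bits + n_digits * math.log2(10)

def estimate_bits(pw):
    """Strength is bounded by the cheapest model that explains the password."""
    w = word_bits(pw)
    c = char_bits(pw)
    return c if w is None else min(c, w)
```

In the per-character model, going from lowercase only to mixed case doubles the pool from 26 to 52, which is one extra bit for each character; in the habit model a leading capital is worth one bit in total.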
 