
TI92

Alt account
Banned
Oct 25, 2017
5,598
Just had an IP from Brazil try to log into my GOG account, just an FYI for everyone to turn on two factor and potentially change your passwords.
 

Deleted member 9237

User requested account closure
Banned
Oct 26, 2017
1,789
This is a bit premature don't you think?

I wouldn't worry until GOG issues a statement. Attacks on individuals happen all the time.
 

MattB

Avenger
Oct 25, 2017
2,904
Just had an IP from Brazil try to log into my GOG account, just an FYI for everyone to turn on two factor and potentially change your passwords.
That honestly doesn't mean anything on their end. Could be any site that you use that same email with and someone tried it on gog.
 
Oct 27, 2017
42,700
I always wonder why these password leaks are so damaging. Surely these services aren't storing plain text passwords in their DB, are they? Because having access to a salted hash of a password should be almost useless
 

dom

▲ Legend ▲
Avenger
Oct 25, 2017
10,453
I don't think it was GOG. Someone tried to log into my gamestop account. For sure a new large database was released though. Looks like some are trying to log into gaming affiliated sites.
 

Agent_Tiro

Member
Oct 26, 2017
49
I always wonder why these password leaks are so damaging. Surely these services aren't storing plain text passwords in their DB, are they? Because having access to a salted hash of a password should be almost useless

Hashes can be cracked. Lots of free software out there that can do it. Only problem will be processing power.
 

dickroach

Self-Requested Ban
Banned
Oct 25, 2017
953
no email here, but regardless i just logged in to change my password, and saw I have 2FA enabled. :\
 

Al3x1s

Banned
Nov 13, 2017
2,824
Greece
www.gog.com best place for DRM-free games :)

It used to mean good old games because they mostly re-released old games like say, Wing Commander or System Shock but these days they get most any game as long as the publisher doesn't mind removing DRM (so, AAA games not so much, but everything else, like PC strategy games, indie games, etc).
 

Fjordson

Member
Oct 25, 2017
5,010
I got that yesterday as well, said it was a Brazilian IP.

Thankfully had 2FA on, but went in and changed my password.
 

GaimeGuy

Banned
Oct 25, 2017
5,092
I always wonder why these password leaks are so damaging. Surely these services aren't storing plain text passwords in their DB, are they? Because having access to a salted hash of a password should be almost useless
In a dictionary attack, a password dictionary is run through a hashing algorithm and compared to the list of hashed pws
 

Robin Hood

Member
Oct 27, 2017
136
Yupp, got an email about someone attempting to log in from Brazil. Luckily I had 2 step authentication set up via email already.

OS: Other
Browser: Other
Estimated location: Brazil, Rio de Janeiro
 

Gabora

Member
Oct 25, 2017
3,071
Sao Paulo, Brazil
whenever I try to change my password or log in (logged out after I couldn't change my password) the tab crashes, something is definitely going on

Edit: signed in on chrome and changed my pass
 

Tawney Bomb

Avenger
Oct 25, 2017
1,346
Ohio
I got one earlier, glad I had 2FA setup.

Just had someone log into my deactivated Facebook account a few weeks ago too.
 
Oct 27, 2017
42,700
In a dictionary attack, a password dictionary is run through a hashing algorithm and compared to the list of hashed pws
Isn't that only effective if people use common words/phrases as passwords AND no salting or random manipulation is done to them before storing? I know Slack, for instance, has salting done on a per-password basis
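
Added example (not part of the thread, and not GOG's or Slack's code): what a leaked credential table reveals when passwords are stored with a fast unsalted hash versus a per-password salt and a slow KDF. The account names, passwords, function names and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example

def fast_unsalted(password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).digest()

def slow_salted(password, salt=None):
    """Stronger scheme: random per-password salt plus PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt)[1], stored)

def accounts_sharing_a_digest(table):
    """table maps user -> stored digest; return groups with identical digests."""
    groups = defaultdict(set)
    for user, digest in table.items():
        groups[digest].add(user)
    return [users for users in groups.values() if len(users) > 1]

# Constructed sample accounts: alice and bob reuse the same password.
SAMPLE = {"alice": "Summer2017!", "bob": "Summer2017!", "carol": "q7#Vd2pLx9wZ"}

def build_tables(accounts=SAMPLE):
    weak = {u: fast_unsalted(p) for u, p in accounts.items()}
    strong = {u: slow_salted(p) for u, p in accounts.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    # Unsalted: one computed digest matches every account using that password.
    print("unsalted, shared digests:", accounts_sharing_a_digest(weak))
    # Salted: identical passwords no longer look identical in the table.
    digests = {u: d for u, (_, d) in strong.items()}
    print("salted, shared digests:", accounts_sharing_a_digest(digests))
    # The salt is stored beside the digest, so a correct guess still verifies;
    # salting forces per-account work and the KDF makes each guess slow.
    salt, stored = strong["alice"]
    print("correct password verifies:", verify("Summer2017!", salt, stored))
```

The salt removes the shared-digest shortcut but does not protect a password that is itself guessable or reused from another breach, which is why unique passwords and 2FA still matter.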
 

Deleted member 11517

User requested account closure
Banned
Oct 27, 2017
4,260
Honestly, for things that you pay for with actual money I never understand why not just everyone gets their own personal email address so they could always prove ownership, say with their passport or similar, as it is now all that really needs to happen is someone getting access to your email and potentially thousands upon thousands of dollars or whatever are lost.

How it is now isn't really secure 2fa or not, if you lose access to your email or phone it's pretty much useless, isn't it?
 

ArchAngel

Avenger
Oct 25, 2017
1,475
Didn't get any email yet, but I have 2FA active and just changed my password. Thanks for the info!
 

Pizza Dog

Avenger
Oct 25, 2017
1,477
Happened to me too, had an attempted logon from Brazil the other day and got the email because of the two factor authentication I didn't even remember having turned on, good thing I did. Everyone should change their passwords and enable 2FA as a precaution.
 

Kilbane65

Member
Oct 27, 2017
1,460
Makes me wonder why would anyone bother to break into someone else's GOG account. All their games are DRM free and could probably be found on torrent sites with considerably less effort than it would take to break a bunch of hashed passwords.
 
TI92

Alt account
Banned
Oct 25, 2017
5,598
Yeah, they were able to guess my password correctly. It was one of the last few sites I hadn't changed my generic password to a random 16 character string yet so makes sense it would be easy for them to get.

But just sharing so everyone is able to change theirs
 

Deleted member 11986

User requested account closure
Member
Oct 27, 2017
1,040
It's year's end, folks. By definition it's the time hacker attacks increase. Just remove any potential credit card info you have in any form of online store. Hackers gotta pay for their psn/xbox live cards with your credit cards.
 

Saoshyant

Member
Oct 25, 2017
1,996
Portugal
I didn't receive an email, but as it turns out my 2FA was disabled. I immediately enabled it, inserted the code that was sent to my email, got a confirmation that it was enabled, then reloaded my settings page just to find out it was disabled again. Did this song and dance one more time, result, 2FA currently disabled with me trying to enable it at a time a massive hack is ongoing. Good job, GOG.

Makes me wonder why would anyone bother to break into someone else's GOG account. All their games are DRM free and could probably be found on torrent sites with considerably less effort than it would take to break a bunch of hashed passwords.

They aren't breaking into people's accounts to play their game collection. The intention is very likely the same as PSN hacks: account reselling to a target audience that doesn't know better.
 

thediamondage

Member
Oct 25, 2017
11,277
Good time to remind everyone they should be using some sort of password database, whether it's KeePass or 1Pass or LastPass or whatever, that lets you have an entry for every single website with its own database entry of username, password, email, secret Q&A, pin, etc. The program/site should let you generate unique passwords for every site and quickly get to them when needed. The database itself should be password protected since it's a single point of vulnerability for all your information. Any gmails you use should have 2FA enabled via your phone/etc so hackers can't bypass a lot of security by simply hacking into your email.

I've used KeePass for years, have 400+ entries in it for pretty much everything in my life, and keep the database backed up to google drive and OneDrive but also have a strong password protecting the db itself. It's on my phone as well and I have thumb drives with the KDX file that I keep at the bank and at my parents' bank (cross country) in case of natural disaster.

Your digital "identity" is the most valuable thing you have nowadays between banks, stocks, credit cards, etc.