UPDATE: After correspondence with Lukasz Kukawski, the PR Guy over at GoG who has stated the following:
“We’ve not detected anything that would seem like a breach of data on our end – but we are aware of the reports and we are monitoring the situation.
As for what you can do, drop by https://haveibeenpwned.com to see if your credentials have ever been compromised (keep in mind that list is not all-encompasing, but it’s a great pointer).
If you are compromised make sure to change your password. Definitely have a unique password for your email account, and keep 2-step on. As long as you’re the only one with access to your email account, 2-step is just about impenetrable.”
There are an increased number of reports coming in from the official forums of GoG (formerly Good Old Games) that suggests a GoG password leak has occurred, we highly recommend you enable 2-Factor Authentication if you haven’t already and change your password.
GoG is a popular online video games store that is better known for selling retro games at some truly delectable prices, the service has been known to have its security faults as in 2015 and in-between there have been incidents of hackers intruding into many customers accounts.
This time around, there are increase in the number of reports coming in that suggest a leak that is allowing a lot of users passwords to be reset from various parts of Brazil.
You can see the first page of the official forum discussing this and how the pages go on to show the number of occurrences is something that suggest that this isn’t just an isolated incident.
No official Statement on Gog Leak:
While the attack seems to be at its infancy since GoG themselves haven’t released a statement yet, it is highly advised that if you are an active purchaser on the site, you immediately take the appropriate measures to safeguard your account.
There is no news yet on the severity of the breach, we are very sure that it is enough to allow users in Brazil to change passwords, meaning the passwords were stored in plain text.
While this is still a rumor, the official forums and other places are also reporting a rise in login incidents from various locations, that are most commonly from Brazil, so it’s better to be safe than sorry, right?
We will update the story when we have an official statement from GoG, but until then we highly advise you protect your account with the appropriate measures to ensure you don’t have to go through customer support to restore access to your account.
If you are a GoG customer or have been affected by the breach, let us know in the comments section below!