Purpose
Understanding how users’ information can become compromised is essential to protecting their accounts. This guide goes over the different types of compromised accounts users may encounter and how to contact support for assistance.
Assumptions Made
This article assumes the reader understands the information in the following articles:
What is 2 Factor Authentication (2FA) and How to Enable it
Change a Wallet's Transfer Code
What is a Recovery/Seed Phrase?
How to Submit a Support Ticket?
Procedure
Gala Games and Entertainment accounts contain several pieces of sensitive information that need to be safeguarded. These include a user’s password, email, Transfer Code, and 2FA.
Users’ 2FA is considered compromised when the device that has their authenticator app (such as Google or Windows Authenticator) is lost, or accessed by an unauthorized person. Additionally, if a malicious 3rd party obtains 2FA backup codes, they will have 30 seconds to use those codes to access the account and Transfer Code, jeopardizing the security of the account and wallet. These codes may look similar to the image shown below.
When this happens, users may not be able to fully log into their account, depending on if 2FA is required to log into it. If 2FA is required to log into the account and it is refusing to work, please get in touch with Gala Support to remove the 2FA on the account so it can be set up on a new device. It's important to note that a 2FA compromise does not mean a person's wallet is compromised; 2FA protects their Gala Games and Entertainment account, not their wallet.
When a wallet’s Seed Phrase (also called a Recovery Phrase or 12-Word Phrase), Private Key, and/or Transfer Code is shared or obtained by an unwanted 3rd party, the wallet is no longer secure. The bad actor has complete control over the account’s wallet if any of these are exposed. This is why keeping those pieces of information safe is incredibly crucial. Having 2FA enabled does not protect a user from their wallet being compromised.
Once a wallet is considered compromised, users can disconnect and replace their Gala Games and Entertainment wallet. The instructions provided in this support article guide users through the process: Replace an Ethereum Wallet in a Gala Games and Entertainment Account. It's important to remember that transactions on the blockchain are immutable, and Gala Games and Entertainment cannot retrieve any lost or stolen items.
Typically, logging into a Gala Games and Entertainment account involves entering a username/email and password followed by a 2FA prompt, if enabled, and an additional authentication code if the login attempt is from a new IP address. Many bad actors create clones or mirrors of various Gala Games and Entertainment websites and services to request this information. To help prevent this attack, users can bookmark app.gala.games and only use the bookmark whenever they need to access Gala Games and Entertainment. This ensures only the legitimate site is used and prevents users from searching and clicking malicious links.
When an account is compromised, there are only a few ways to regain access. If the bad actor has changed the email on the account, users must first send a ticket to Gala Support and work with them to change the email address. The Customer Support team will be able to communicate with the user and help them recover access to their account.
For more information on how to secure an account, please read this article to learn more: Keeping a Gala Account Secure