I left the GOG main page open while I was working yesterday so I could glance at the Insomnia sales as they changed over. I decided to buy Crookz when it came up, but when I went to the checkout page, the website switched me over to British currency.

I assumed this was some kind of technical difficulty, possibly related to high traffic during the Insomnia sale. I logged out and then back in. Still British. I logged out and cleared history, cookies, cache, etc from my browser. Still British when I logged back in.

Then I used the new "Logout All" feature. This worked, so... I guess someone else was logged into my account this morning and overriding my location?

I changed my password of course. Anything else I should do?

Run a spyware/trojan/keylogger check...

Before you found out you got "hacked" is your credit/debit card information saved in GOG? I always just purchase GOG games using the Card first. I never save the Card's information on the website.

You can also check your "Orders and Settings" and see if they purchased any gifts...

I was using a PC at work, so our IT guys should have that covered... but maybe they aren't on top of things. Wouldn't surprise me.

Can Android phones be infected with spyware/trojans/keyloggers? I have used my phone to login before.

And I have logged in from my uncle's place before. I'll give his machine a check next time I'm there. No. I use PayPal here. I checked this morning and again now. Nothing amiss there.

I know recently there was a publicized vulnerability for Androids, I assume there are ways to exploit them, but am not sure.

I don't think someone in the U.S. could even change their currency besides using a VPN. You didn't happen to use one recently for some other site? Like that Golden Joystick giveaway?

If it's not a keylogger, maybe you use the same password somewhere else? And it got stolen from there? If that's the case, just changing it to something completely new should be enough. I also assume you checked your account settings (like E-mail) to make sure they haven't changed.

We have McAfee security here at work, configured for automatic DAT updating and scanning. I initiated a full scan: No detections.

(2 hrs 17 min, over 800 thousand objects scanned, incl boot sector & memory)

Also, for when I vist my uncle, in case his antivirus is expired: Anyone know a good legit online malware scan? It's been a while since I used one. I'm 99% certain I'm secure at home, so I guess the problem has to be his machine or my phone (if the problem is a local one, anyway). No, I haven't used any VPNs. I didn't use my GOG password anywhere else, but it was a simple password. I've included some numbers in the new password. My account settings seem to be unchanged.

Doesn't seem to have been any harm done from what I can tell. I even still managed to catch Crookz after sorting the issue.

Try scanning using malwarebytes.

It could have just been a bug... GoG has been known to show odd currency and language options to some people sometimes (I'm sure there was someone in the US who used to keep getting the site in German)

That being said it's probably safer to work on the assumption you were hacked and cover all the bases just in case.