I find this quite hard to believe (albait not impossible). Even if your ID gets faked they usually still ask you stuff like bank account info etc as that stuff is hidden even for you should you look at it on the website. Or transaction history, xpac keys etc.
So either your friend had by far the dumbest GM in history that deserves to be fired or there is something off.
I also find it hard to believe that someone would contact a GM too. Thatâs a lot of effort to get access to an account. Thereâs probably thousands of accounts that would be easier to get.
I suppose it depends what the account possesses. As in certain mounts or pets.
It would have to be a targeted attack then. I dont believe the OPâs (friend).
Too far-fetched.
Ye me neither. But you know the saying, never say never. So i give him the 0.01% shred of doubt in his favour.
Could be he bought the account and the original owner is recovering it to play shadowlands. Just a theory.
In this case the account deserves to be perma banned
I member when hackermans hackered my Rockstar account. When I logged in one day randomly after I had quit playing GTA Online I had $1 million+ , expensive apartments & cars unlocked so it wasnât all that bad 
I never even got to $50k playing GTA Online xD
at least those who play on the hackered accounts actually dedicate to playing on their hackered accounts hehe
That was because of a security breach at Rockstar however.
My account got hacked as well as a result but i got it back rather quickly and rockstar froze all info such as my name that was on the account as a result because the beep even changed my account name etc and so rockstar did that so even IF it ever happens again they cant change anything of value.
I also think my Uplay account was accessed, but honestly what does the account owner have to lose if he quits using their services? When you figure your accountâs been breached, just contact support and youâll get it back rather quickly.
And when it comes to payments, always use paypal and 2-step authentication with your paypal.
If someone has both security things set up then something fishy is going on.
My guess, either someone the friend knows personally is doing it or the account was in someone elseâs name and they want it back.
I dont even have to do that. There is no money on my paypal. Just my linked bank account. Which is worthless to the hacker because even if they charge my bank account i can just call my bank and say âoi, wasnt me. Get it backâ and thats that. If paypal complains i can tell them to shove it since the breach is on them and they can fix it with whoever got paid.
Thereâs no money on my paypal either 
and I remember itâs pretty easy to request a refund through paypal
Ye but i dont think everyone can go to their bank and do what i just described im capable of doing dependent on country.
I think pretty much every bank offers those services in 2020
or maybe I just thought it was the standard
This was my first thought. They need ID in the same name as the account owner.
Maybe. I will remain skeptical tho. If they do so then all the better.
Or I am assuming he went to one of those websites without any antivirus protection and caught the keylogger so every time he inputed the password it was stolen even when he changed it got stolen again itâs on his friend he was careless nobody to blame but himself.
Did your friend buy this account?
If not, open a ticket for him and send pics of the original box