EVE Online Endures Downtime Due to Breached Security

Gamasutra is reporting that a serious security breach caused the closure of EVE Online this past weekend. A previously-unnoticed anomaly in a database prompted CCP, makers of the game, to close down the game world and their website while the issue was examined. The flaw was rectified, and service restored the same day. No credit card or billing information was exposed in the breach. "Explained [CCP chief of operations Jón Hörðdal], 'What we discovered was an indication that one of our databases was being accessed through a security breach. Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation.' Hörðdal said that the taskforce concluded that going completely dark so that an exhaustive scan could be performed was the best course of action. 'While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to protect the players,' he said."

The most amusing thing about this story

[Silverlancer]

The most amusing thing about this story wasn't the story itself, but the rumors. Because the main forums run off the same database server as the game (a WTF in itself!), the developers were unable to post any information except through unofficial chat/IRC/etc, resulting in a number of rumors being spread. The most popular rumor was that a rollback would be necessary due to some sort of cheating, with the numbers flying around going up to that of a 6 week rollback. Of course, this made players go nuts, and probably gave a good laugh to those who made up the rumors. Most of all, it shows how important communication with customers is.

A lot of issues

[king-manic]

I know a few Eve players but I didn't get on board myself. With all the notable controversies I find it astonishing it's still in business. I suppose if the game play is addictive in the flavor that is right for you, you'll put up with a lot.

Re:The most amusing thing about this story

[anthonyclark]

The EVE devs remind me of many open source dev groups; really great coders, fun guys but terrible at the subtleties of customer service.

Yes, the fact that their forums and web servers all point at the same database as the game itself is astonishing. They've certainly made some weird design decisions through the years, although we're certainly not aware of all the factors that influence those decisions. Why on earth they didn't have a static web server page up within seconds of the downtime is really quite sad.

I was on the irc channels and watched the rumours fly around, it was all the work of a bunch of /b/ style folks who enjoyed trolling and watching the rollback rumours fly. Why anyone fell for it is beyond me to explain. (apart from "folks are dumb")

But the amazing accomplishments of the eve team shouldn't go unnoticed. A single game world means that people actually gain fame across the entire game, not just their little sharded server. Being able to sell some guy a battleship that then gets used in a pivotal battle involving 100s or 1000s of players is just jaw droppingly cool, in my opinion. The player driven economy, complete with scams, piracy, corporate wars and all, have kept me enthralled and entertained. (zealot mode, deactivated)

That's a common racket -- not just EVE

[Anonymous Coward]

It is a common racket for companies to have their CC charging dept. completely separate from the customer service wing which handles your account. The reason for this is that so if you forget you have the account, it eventually gets closed down due to dormancy -- but your CC still gets charged like clockwork!

The idea is that because you originally consented to charge the card, you can't call in the fraud dept.; since you simply let the account lapse, they can claim plausible error. In circumstances like this, you are not likely to be able to document exactly *when* you "formally" revoked the agreement, which makes it more likely that the customer will simply ask to end the charges going forward -- while they keep the extra charges. They are *banking* on that; everything is set up this way on purpose. Every month that someone forgets, is GRAVY for them!

Phase 2 goes as follows: when you ask the CS rep to have them stop the charges, they can't do a thing -- the CC's are handled by a completely separate department! They tell you to fax your CC number directly to a number for that dept. which they give you. Of course, your credit card company will tell you don't EVER do that! This setup is simply to slow you down in fixing the issue. I had this happen to me three times with two places.

Wait, Mr. AC, that's more incidents than places! Why, yes, it is!

Last year I had to hold a conference call between my CC provider, myself and the CS rep of "PrivacyGuard" an identify-theft "protection" outfit which had been charging my card yearly since 2000 when I first enrolled (a mistake, I know) while their main department no longer had any idea I existed (so I couldn't use the service if I wanted)! All three of us agreed that the most expeditious thing to do was to terminate the CC# and get a new one. Well, a year later, guess who found the new # and charged it again? They can't maintain the info I would need to use their service, but damn it all to hell before they lose track of a credit card!!! I'm going to have to terminate that card outright let I go through this *again* next year.

The other outfit that operates this way is Match.com, by the way. (I am engaged now, but no thanks to them.)

The moral of the story? If you have the option, do NOT use recurring CC charges for *any* services! Prepay for a year, ask to be billed, use your bank's online bill pay, or use some other arrangement where each payment occurs at your own initiative, not theirs.