EVE Online Endures Downtime Due to Breached Security 69
Gamasutra is reporting that a serious security breach caused the closure of EVE Online this past weekend. A previously-unnoticed anomaly in a database prompted CCP, makers of the game, to close down the game world and their website while the issue was examined. The flaw was rectified, and service restored the same day. No credit card or billing information was exposed in the breach. "Explained [CCP chief of operations Jón Hörðdal], 'What we discovered was an indication that one of our databases was being accessed through a security breach. Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation.' Hörðdal said that the taskforce concluded that going completely dark so that an exhaustive scan could be performed was the best course of action. 'While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to protect the players,' he said."
The most amusing thing about this story (Score:5, Interesting)
A lot of issues (Score:3, Interesting)
Re:The most amusing thing about this story (Score:5, Interesting)
Yes, the fact that their forums and web servers all point at the same database as the game itself is astonishing. They've certainly made some weird design decisions through the years, although we're certainly not aware of all the factors that influence those decisions. Why on earth they didn't have a static web server page up within seconds of the downtime is really quite sad.
I was on the irc channels and watched the rumours fly around, it was all the work of a bunch of
But the amazing accomplishments of the eve team shouldn't go unnoticed. A single game world means that people actually gain fame across the entire game, not just their little sharded server. Being able to sell some guy a battleship that then gets used in a pivotal battle involving 100s or 1000s of players is just jaw droppingly cool, in my opinion. The player driven economy, complete with scams, piracy, corporate wars and all, have kept me enthralled and entertained. (zealot mode, deactivated)
That's a common racket -- not just EVE (Score:2, Interesting)
The idea is that because you originally consented to charge the card, you can't call in the fraud dept.; since you simply let the account lapse, they can claim plausible error. In circumstances like this, you are not likely to be able to document exactly *when* you "formally" revoked the agreement, which makes it more likely that the customer will simply ask to end the charges going forward -- while they keep the extra charges. They are *banking* on that; everything is set up this way on purpose. Every month that someone forgets, is GRAVY for them!
Phase 2 goes as follows: when you ask the CS rep to have them stop the charges, they can't do a thing -- the CC's are handled by a completely separate department! They tell you to fax your CC number directly to a number for that dept. which they give you. Of course, your credit card company will tell you don't EVER do that! This setup is simply to slow you down in fixing the issue. I had this happen to me three times with two places.
Wait, Mr. AC, that's more incidents than places! Why, yes, it is!
Last year I had to hold a conference call between my CC provider, myself and the CS rep of "PrivacyGuard" an identify-theft "protection" outfit which had been charging my card yearly since 2000 when I first enrolled (a mistake, I know) while their main department no longer had any idea I existed (so I couldn't use the service if I wanted)! All three of us agreed that the most expeditious thing to do was to terminate the CC# and get a new one. Well, a year later, guess who found the new # and charged it again? They can't maintain the info I would need to use their service, but damn it all to hell before they lose track of a credit card!!! I'm going to have to terminate that card outright let I go through this *again* next year.
The other outfit that operates this way is Match.com, by the way. (I am engaged now, but no thanks to them.)
The moral of the story? If you have the option, do NOT use recurring CC charges for *any* services! Prepay for a year, ask to be billed, use your bank's online bill pay, or use some other arrangement where each payment occurs at your own initiative, not theirs.