EVE Online Endures Downtime Due to Breached Security

Gamasutra is reporting that a serious security breach caused the closure of EVE Online this past weekend. A previously-unnoticed anomaly in a database prompted CCP, makers of the game, to close down the game world and their website while the issue was examined. The flaw was rectified, and service restored the same day. No credit card or billing information was exposed in the breach. "Explained [CCP chief of operations Jón Hörðdal], 'What we discovered was an indication that one of our databases was being accessed through a security breach. Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation.' Hörðdal said that the taskforce concluded that going completely dark so that an exhaustive scan could be performed was the best course of action. 'While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to protect the players,' he said."

The most amusing thing about this story

[Silverlancer]

The most amusing thing about this story wasn't the story itself, but the rumors. Because the main forums run off the same database server as the game (a WTF in itself!), the developers were unable to post any information except through unofficial chat/IRC/etc, resulting in a number of rumors being spread. The most popular rumor was that a rollback would be necessary due to some sort of cheating, with the numbers flying around going up to that of a 6 week rollback. Of course, this made players go nuts, and probably gave a good laugh to those who made up the rumors. Most of all, it shows how important communication with customers is.

Re:The most amusing thing about this story

[anthonyclark]

The EVE devs remind me of many open source dev groups; really great coders, fun guys but terrible at the subtleties of customer service.

Yes, the fact that their forums and web servers all point at the same database as the game itself is astonishing. They've certainly made some weird design decisions through the years, although we're certainly not aware of all the factors that influence those decisions. Why on earth they didn't have a static web server page up within seconds of the downtime is really quite sad.

I was on the irc channels and watched the rumours fly around, it was all the work of a bunch of /b/ style folks who enjoyed trolling and watching the rollback rumours fly. Why anyone fell for it is beyond me to explain. (apart from "folks are dumb")

But the amazing accomplishments of the eve team shouldn't go unnoticed. A single game world means that people actually gain fame across the entire game, not just their little sharded server. Being able to sell some guy a battleship that then gets used in a pivotal battle involving 100s or 1000s of players is just jaw droppingly cool, in my opinion. The player driven economy, complete with scams, piracy, corporate wars and all, have kept me enthralled and entertained. (zealot mode, deactivated)

Re:The most amusing thing about this story

[Andy+Dodd]

This is correct. EVE's forum logins are tightly tied to your account and characters.

It has always been that only players with active accounts could post on the forums, and in addition on some forums players are forbidden from posting unless they have chosen to make certain information (such as their corporation and alliance affiliation) public.

Re:The most amusing thing about this story

[illumin8]

This is correct. EVE's forum logins are tightly tied to your account and characters.

It has always been that only players with active accounts could post on the forums, and in addition on some forums players are forbidden from posting unless they have chosen to make certain information (such as their corporation and alliance affiliation) public.

Alright, Single Sign On (SSO) is a good thing usually. But haven't they ever heard of LDAP before? Why have username/passwords in the database, especially if they suspect hackers might compromise the database? What they really should do is have external authentication servers running LDAP and have both the game client and the forums use that as an authentication source.

It never ceases to amaze me when companies that should know better do stupid things.

A lot of issues

[king-manic]

I know a few Eve players but I didn't get on board myself. With all the notable controversies I find it astonishing it's still in business. I suppose if the game play is addictive in the flavor that is right for you, you'll put up with a lot.

Re:A lot of issues

[CogDissident]

A lot of people play it because its the only truely "massive" online game. WoW only has 1,000 people per server, most other games have less than 3,000 online at a time, EVE has gotten 50,000 or more people online on the same game simultaniously (with 20-30k being regular)

Re:A lot of issues

[vux984]

So yes, it appeals to the elitist prick portion of the population. Or people who wish they made Excel in to a game.

Aw shucks. I knew there was a reason I liked it. I'm both. Not.

That said, I did like it, but after my trial elected not to play for 2 reasons:

1) The dev scandal was just unfolding, and I was utterly appalled with it. Not only that they handled it so poorly, but the revelations that they allowed devs to participate at that level at all, nevermind the cheating. GM abusing mechanics is bad in a PvE game like WoW or EQ, but in a PvP game like Eve, its absolutely unacceptable.

2) Because its truly massively multiplayer and PvE, your most valuable asset is the people you know, your reputation, and your influence. You cannot obtain this playing only a few hours here and there. You've got to play constantly to become relevant or important in the hierarchy.

In Warcraft, you can play once a week and eventually see the end game, it'll take you longer, but you'll still get there. You are competing against the game, and whever you play, you move forward. Eventually you get to the end. You aren't really competing against the other players, and the fact that other players are more powerful is largely irrelevant.

In Eve, you are competing against the other players, to defeat them or gain influence over them is really the point of the game, and those that consistently play more than you will always be ahead of you. Always.

I suppose if you are content to mine asteroids and sell minerals on some small irrelevant scale you can play Eve and have fun. But that's the equivalent of being an ore farmer in Warcraft and about as fulfilling.

Re:A lot of issues

[CanSpice]

Eve has never had anywhere near 50,000 online at the same time. The record is 35,965 simultaneous logins.

That's a common racket -- not just EVE

It is a common racket for companies to have their CC charging dept. completely separate from the customer service wing which handles your account. The reason for this is that so if you forget you have the account, it eventually gets closed down due to dormancy -- but your CC still gets charged like clockwork!

The idea is that because you originally consented to charge the card, you can't call in the fraud dept.; since you simply let the account lapse, they can claim plausible error. In circumstances like this, you are not likely to be able to document exactly *when* you "formally" revoked the agreement, which makes it more likely that the customer will simply ask to end the charges going forward -- while they keep the extra charges. They are *banking* on that; everything is set up this way on purpose. Every month that someone forgets, is GRAVY for them!

Phase 2 goes as follows: when you ask the CS rep to have them stop the charges, they can't do a thing -- the CC's are handled by a completely separate department! They tell you to fax your CC number directly to a number for that dept. which they give you. Of course, your credit card company will tell you don't EVER do that! This setup is simply to slow you down in fixing the issue. I had this happen to me three times with two places.

Wait, Mr. AC, that's more incidents than places! Why, yes, it is!

Last year I had to hold a conference call between my CC provider, myself and the CS rep of "PrivacyGuard" an identify-theft "protection" outfit which had been charging my card yearly since 2000 when I first enrolled (a mistake, I know) while their main department no longer had any idea I existed (so I couldn't use the service if I wanted)! All three of us agreed that the most expeditious thing to do was to terminate the CC# and get a new one. Well, a year later, guess who found the new # and charged it again? They can't maintain the info I would need to use their service, but damn it all to hell before they lose track of a credit card!!! I'm going to have to terminate that card outright let I go through this *again* next year.

The other outfit that operates this way is Match.com, by the way. (I am engaged now, but no thanks to them.)

The moral of the story? If you have the option, do NOT use recurring CC charges for *any* services! Prepay for a year, ask to be billed, use your bank's online bill pay, or use some other arrangement where each payment occurs at your own initiative, not theirs.

Re:BULLSHIT

[Diss+Champ]

True. In Eve on the other hand, while it is a fairly risk-free way to make ISK, you can make money MUCH faster with even a small amount of creativity. Heck, it doesn't even need to be your creativity- the people with the ideas will pay you more than the miners get to implement their plans.

Of course, I've never been that obsessed by "progress" relative to whether what I'm actually doing is fun. Case in point, I also play LOTRO some, and I'm still exploring different bits of the relatively low level content a month in- rather than rushing a character up to lvl50 just to achieve "progress". I take my time, actually read the flavor text on the quests, roleplay a bit, help out new players, hang out with my guild. I'll reach 50 eventually, but I'll have had fun getting there, which is supposed to be the point. It's a game after all. Mileage may vary with addiction to level dings.