Three previous uses of the exploit that took down the multiplayer science fiction game have been identified; no personal information or credit card numbers were exposed.

Thomas Claburn, Editor at Large, Enterprise Mobility

October 22, 2007

2 Min Read

On Friday, Eve Online, a popular online multiplayer science fiction game, went offline to close a security breach.

In a statement posted on the Web site of CCP, the Reykjavik, Iceland-based company that runs the game, chief operating officer Jon Horodal said that at 10:25 GMT CCP personnel discovered an anomaly in the Eve Online database that pointed to an exploit. Following a security review, the company took its game offline to inspect its infrastructure.

"What we discovered was an indication that one of our databases was being accessed through a security breach," said Horodal. "While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to protect the players."

According to Horodal, the security breach has been identified and closed. Three previous uses of the exploit have been identified; no personal information or credit card numbers were exposed.

Service was restored at 22:00 GMT and the company said it would continue to monitor the situation.

Posts to the Eve Online Forums suggest that one of the CCP database administrators fell victim to a keylogger, but CCP personnel have downplayed such claims as rumor.

Rumors apparently spread quickly following the service shutdown because the game's forums are hosted on the same infrastructure as the game's database.

An Eve Online community manager said in a post that eventually the forums would run on separate hardware.

"The most likely scenario is that the Eve operational team has a live Internet connection and that a worm or other tool was used to access the game database," said Steven Davis, CEO of game security company SecurePlay, in a blog post.

Eve Online has weathered previous security scandals, one of which in the summer of 2006 involved an insider accused of giving valuable game information to players.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights