For a lot of folks, Sunday’s a great day to kick back and relax, to fly some internet spaceships or play internet space army. Unfortunately, the EVE Universe’s servers came under a massive distributed denial-of-service attack and traumatically forced everyone to interact with the real world for hours.
The good news: things are working fine again, CCP has plugged the security hole with space spackle, and reports that no customer data was compromised in the process.
CCP have released the following statement about the downtime experienced by both EVE Online and DUST 514 this weekend:
At 02:05 UTC June 2nd, CCP became aware of a significant and sustained distributed denial-of-service attack (DDoS) against the Tranquility cluster (which houses EVE Online and DUST 514) and web servers.
Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation. At 03:07 UTC, that group concluded that our best course of action was to go completely offline while we put in place mitigation plans.
While we initially reopened EVE Online and DUST 514, at 14:51 UTC we became aware of additional information that led us to re-evaluate our decision. With the highest sense of precaution we took the decision to take Tranquility and associated websites back down for further investigation and an exhaustive scan of our entire infrastructure.
What we can now confirm is that a person was able to utilize a vulnerability in one of the back-end services that support the operation of the Tranquility server. This vulnerability has now been secured and thoroughly tested.
We would like to stress that at no time was customer data compromised or accessible in any way.
The effort of returning the complex server structure of the EVE Universe and associated websites to service in a methodical and highly-scrutinized fashion began hours ago and Tranquility has now been brought online (at 10:13 UTC). Our teams will monitor the situation carefully in the coming hours to ensure that our services are accessible and that all customer data remains secure.
We will be looking at ways to compensate players in both EVE and DUST for the outage and expect to announce what that compensation will be very soon.
We would also like to take this opportunity to thank all of our players on EVE Online and DUST 514 for their patience and understanding during this unexpected downtime and the investigation. We are grateful for your support, as always.
Regards,
Jón Hörðdal Jónasson,
Chief Operating Officer
CCP
With the recent attacks against gaming sites resulting in customer and billing data being lost and certificates being stolen for use in the proliferation of malware, I can only applaud CCP for their approach of shutting it all down in order to properly assess the situation. Sure unplanned downtime like this is annoying, but at least the right steps were taken in time to prevent something more serious.
The Odyssey patch appears to still be on target for release tomorrow on June 4th, however CCP have already stated they have delayed the signups for the next Alliance Tournament by one day due to the downtime.
Sources:
- Tranquility Downtime on Sunday, June 2 and Monday, June 3
- Server status graphs courtesy of EVE-Offline.net
