EVE Online's volunteer program compromised

CCP Games, makers of EVE Online, announced that they've discovered wrongdoing on the part of an individual or individuals within[correction: in relation to] their volunteer program, and are investigating the matter. The Volunteer Manager for EVE Online, CCP Ginger, explained the situation earlier today: "Last weekend external resources related to the Interstellar Services Department (ISD), EVE's volunteer program, were compromised which led to the theft of some volunteer program related data but also information about specific volunteers. As a result, we are being extra careful here, as this first and foremost pertains to the volunteer program and has no effect on our EVE Online operations or any customer data whatsoever."

CCP Ginger stressed that information stolen came from "areas operated outside of CCP's infrastructure and is therefore not related to anyone's EVE player account data. Player billing information, personal information, and character/game information all remain completely secure and unaffected, as well as CCP corporate pathways and e-mail, Tranquility, databases, etc."

An investigation is ongoing by the company's Internal Affairs division, which looks into allegations of wrongdoing on the part of anyone connected with CCP Games, be it the player-elected Council of Stellar Management, the aforementioned ISD, or even the developers themselves. As a precaution, CCP has shut down the ISD servers and services while the investigation is conducted. There is no indication from the announcement that this is a widespread problem nor that the future of the ISD program is in any jeopardy.

CCP Ginger also stated: "All players, particularly those who are or have been in the EVE Online volunteer program, should be aware that any e-mails sent from the @eve-crc.net domain are bogus and have been sent from someone pretending to be an official representative of CCP."

The Interstellar Services Department, is something we've mentioned in the past at Massively. It's an organization of player volunteers with various departments that focus on different aspects of EVE Online, ranging from reporting on in-game battles and news events to helping new players understand the game. By the nature of the work they do, some ISD volunteers may have access to information (not subscriber or character information) that should be kept in the strictest confidence, but in this case was not.

The CCP Games announcement is somewhat vague, as there's no mention of what information specifically was stolen. While Massively can't confirm the veracity of the information presented by these sites, Kugutsumen.com appears to be where word got out, and BattleDB has a look at the situation with some commentary on the CCP dev blog as well. Both sites explain how IP addresses were harvested from the EVE-focused site Kugutsumen.com and (reportedly) leaked by an ISD volunteer, presumably to crosscheck against IP addresses used to connect to IRC Coldfront -- a popular IRC channel used by EVE players as well as developers and ISD volunteers.

Massively contacted CCP Games for a comment on the matter but had not received a response at the time this post was scheduled to run.