EVE Online servers suffer two-day DDoS attack
CCP Games has published details of repeated distributed denial-of-service (DDoS) attacks it has suffered over the last two days. The company develops and runs the popular massively multiplayer online role playing game (MMORPG) EVE Online. Attackers targeted the "Tranquility" server cluster and managed to exploit a vulnerability in the backend services that support the game servers. After detecting the attack, CCP decided to take the cluster offline while "a taskforce of internal and external experts" investigated the situation. The company now says it has closed the vulnerability and all game services are back to normal.
Tranquility is one of three server clusters run by CCP and houses all gameplay for non-Chinese players of the game. Since EVE Online gameplay is characterised by persistence for all players within the in-game universe, the game world spans the entire cluster and players are not separated on server shards as is common with other MMORPGs. The company decided to take all game services offline while it worked to mitigate the attack. Players of the PlayStation 3 exclusive first-person shooter Dust 514 were also affected as the game is set in the same game world as EVE and also uses the Tranquility server.
After the initial downtime, CCP decided to put the servers back online, but the developers "became aware of additional information" that led them to take the affected systems back offline soon afterwards. The company says that after a thorough scan of its infrastructure, it is now sure that the vulnerability used in the attack has been closed. CCP had kept its customers apprised of the situation as it was developing through its Twitter account for the game and has also announced that it will be compensating players for the time the game was not available. Customer data was neither compromised nor accessible to the attackers according to the statement.