| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
   |
Posted - 2009.01.27 19:30:00 -
[1]
To: All ring-account holders in Eve Online Hold'Em
An unfortunate incident has occurred and we need any and all EOH players who have any deposits in their Ring-Game accounts to carefully read the rest of this post.
Recently there was a hacking attempt on our server, and unfortunately a small number of accounts in the system have been compromised. While the number of accounts numbers less than a dozen, we also believe that the perpetrator gained access to user login information for the EOH system. This was confirmed yesterday when some individuals whose login information used in our system matched their login information at EBANK, was used in order to try to drain EBANK accounts.
Luckily, EBANK caught this attempt very early on, and is taking measures to protect its customers. We have sealed off the Ring system and have been performing extensive audits on what information we have available. We have also secured EOH against such future attempts, even though this incident was only successful because of a perfect storm of failures on our part. This brings me to the current action plan which I need everyone to pay attention to and help us with.
The Ring system will remain down, and we will be paying out -all- accounts without collecting rake. Losses from the compromised accounts will be covered by the house. Since these are so few in number, we will be contacting those affected, so bombarding us with a hundred requests for secondary audit checks is only going to make the situation take longer. The biggest challenge here is that a significant number of our users have incorrectly filled out their account information, and tracing accounts to characters is going to be an extensive process. So this is what we need for you:
1) Check your EOH account. If you do not have any chips in your account, there is no need to do anything.
2) If there are chips in your account and your "Real Name" is set correctly to your EVE character name, there is no need to do anything.
3) If there are chips in your account and your "Real Name" is not set correctly, please evemail me (Selene D'Celeste) with as much account information as possible. "Hai I have chips giev plz" does not help us and does not get you your ISK quicker.
By the time the system is paid out, we are hoping to have completed the new account creation interface we've been working on. Effectively this will force all accounts to be tied to specific EVE characters, preventing future cashout issues and security concerns. Once all current accounts are squared away and the new account creation interface is ready, we will be wiping all accounts and using the new system from then on. This also ensures that no player in our system continues to use login information that was potentially compromised. In the meantime, regular games will continue as there are no security issues with any regular banking practices.
Now for everyone who didn't read the above or who is confused, expected questions and comments: |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.01.27 19:31:00 -
[2]
Edited by: Selene D''Celeste on 27/01/2009 19:32:10
Q: EOH was compromised and is obviously not safe to use. How do we know this won't happen again?
A: No service is perfect, and mistakes do happen. EOH has paid out of pocket to cover issues before, and will do so again. What we can guarantee is that we are doing our best to make this a secure system so that you can enjoy your card games without concern, and that as long as making reparations is within our means, we will continue to do so and not simply close the business. It should also be noted that in no way were any actual games affected by this incident. Only the chips in a select few accounts and some amount of login information have been compromised.
Q: My ring chips! My precious ring chips! Give them to me now!
A: This process is going to take time. I expect at least a couple of weeks. We don't exactly have a dozen people with nothing to do in order to go through over a thousand accounts and tracking down players. However we will proceed with the cashout as quickly as reason and safety allow.
Q: How do you know my account wasn't compromised? I want a trillion ISK now, thanks.
A: We keep logs. I've spent a lot of time prying data from them recently. I can speak with an exceptionally high degree of certainty that all issues resulting from this incident are now known and we will be speaking with the affected parties for reparations. The forced cashout of all accounts is simply a security measure to prevent any chance of future damage resulting from this incident.
Q: When will Ring be back up?
A: Once all current accounts are closed out and our new account interface is ready, we will be relaunching Ring.
Q: Why is Ring closing again? / Why is Ring down!?
A: Ring is down so that no further changes can happen to accounts. This ensures that we pay everyone out correctly. We're not about to leave a system up and risk further compromise for you, the players.
Q: So no more poker until then?
A: Poker will continue via the standard Tournament-style games, where ISK goes to and from a staff member at the beginning and end of the game respectively. This ISK never enters the ring system, so there are no issues with continuing this part of our service.
|
Hexxx
Minmatar
|
Posted - 2009.01.27 19:35:00 -
[3]
Just to confirm EBANK's part in this. We identified a security breach and quickly determined that passwords had been compromised somehow. We did a review of all the potential account compromises (roughly a dozen) and determined the link to EOH within 24 hours. After identifying the potential source we worked closely with EOH to investigate the issue, the cause, and to discuss the appropriate actions.
EBANK's damage is minimal. I'll be putting up even more information within the coming days. That's it for now. Again, withdraws are slower for this week as we continue to monitor the movement of money within EBANK. |
Salvo Brunel
|
Posted - 2009.01.27 23:36:00 -
[4]
Edited by: Salvo Brunel on 27/01/2009 23:45:40
How do you check that your "Real Name" is set correctly? I believe mine is (on an alt btw), but how would I check. The 'Account > Change Info option' is currently disabled. |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.01.27 23:52:00 -
[5]
 Originally by: Salvo Brunel
Edited by: Salvo Brunel on 27/01/2009 23:45:40
How do you check that your "Real Name" is set correctly? I believe mine is (on an alt btw), but how would I check. The 'Account > Change Info option' is currently disabled.
In Mavens, go to the "Logins" tab. Your "Real Name" is under the "Name" column and your account name under "Player". Since you're logged in it shows there, and you can determine whether or now it's set correctly or not.
Change Info is disabled for now so that none of the accounts can be messed with while we continue to pay out all existing accounts. |
Trustworthy Joe
|
Posted - 2009.01.27 23:55:00 -
[6]
I am curious as to whether this incident was related to the BIG games incident |
Amarr Citizen 155
Alternative Methods Research Group
|
Posted - 2009.01.27 23:57:00 -
[7]
Originally by: Trustworthy Joe
I am curious as to whether this incident was related to the BIG games incident
Link or more information? |
TomHorn
|
Posted - 2009.01.28 00:05:00 -
[8]
Hi all just like to say
good on EOH for catching on to this activity and working to rectify it in a quick and public manner. Way to be proactive.
Kind regards
TomHorn
|
Diametrix
Caldari
22nd Black Rise Defensive Unit
|
Posted - 2009.01.28 01:37:00 -
[9]
What is the liklihood you can figure out who did this? And when you do, please publish the info. I'm certain a large portion of the EOH community would like to 'discuss' the matter with the thief.
|
cosmoray
Cosmoray Construction
|
Posted - 2009.01.28 02:56:00 -
[10]
When we want to redeposit fund for ring games, I am assuming there will be no charge on payment in?
|
Mynxee
Hellcats
The Bastards.
|
Posted - 2009.01.28 03:29:00 -
[11]
*sigh* Why does someone always have to ruin it for those of us who just want to have a little fun at the poker tables? Thanks for keeping us so clearly informed, Selene. Hope you get it all sorted out soon and EOH is back stronger than ever.
Life in Low Sec | Hellcats |
Joss Sparq
Caldari
ANZAC ALLIANCE
Southern Cross Alliance
|
Posted - 2009.01.28 03:35:00 -
[12]
Originally by: Amarr Citizen 155
Originally by: Trustworthy Joe
I am curious as to whether this incident was related to the BIG games incident
Link or more information?
From the IGB News page
Originally by: ISD Clarity Brown
Pilots who placed bets on Alliance Tournament VI matches through BIG experienced some concern when the "My Bets" section of the BIG site failed to update to show their bets. BIG representative Voltaire Leriel issued a public statement on GalNet yesterday assuring punters that their bets were safe.
"We are fully aware of all of your concerns and are experiencing techinal difficulties with our betting system. We're working to resolve it, and none of your bets have been lost. All the data for your bets is contained in the API and is safe and sound. All bets will be honored once we figure out what is going on.
"We apologize for any inconvenience this is causing you; we'll get it up and running properly as soon as we're able!"
At the time of publication, no further information was available on when the first round of bets will be paid out, but when an estimated date is available, the Interstellar Correspondents will keep you up to date.
|
Kaiok
Salvage and Mining Consortium
|
Posted - 2009.01.28 11:55:00 -
[13]
Good work Selene and the rest of the EOH and EBANK staff. A lesser organisation may not have handled this so well.
As Cosmoray said though
Originally by: cosmoray
When we want to redeposit fund for ring games, I am assuming there will be no charge on payment in?
You've lost out on lots for not raking the withdrawals so I wouldn't blame you for charging again. Lifting the rake on pay ins up to what a person had beforehand for a week may be something to consider though.
Another thing, those people who have their poker login the same as their EvE account make sure you change it.
Again, well handled. Looks like I have to play tourneys for once.
- Kaiok |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.01.28 14:01:00 -
[14]
Originally by: Kaiok
As Cosmoray said though
Originally by: cosmoray
When we want to redeposit fund for ring games, I am assuming there will be no charge on payment in?
You've lost out on lots for not raking the withdrawals so I wouldn't blame you for charging again. Lifting the rake on pay ins up to what a person had beforehand for a week may be something to consider though.
We're not sure yet. And as to your suggestion, tracking that kind of a thing is a nightmare. Paying out accounts now is a nightmare. It's either going to be raked, or not. We really can't handle anything inbetween.
We may also take this opportunity to change how we deal with rake as well as other things, since we're going to be starting fresh with this part of our system. I'm currently in discussion with Twizzle and our staff about how to better pay bankers for their time, and make ISK->chip->ISK conversions easier. One possibility is to switch to rake/hand as Kent implemented this on Mavens a while ago. This would replace rake on both deposits and cashouts, and would be quite small (1% or less). The benefits here include paying bankers based on activity, not on the size of deposits, and when a player wants 100m in chips, they get 100m in chips, not some odd number that leads to confusion and possibly mistrust for newer folk who don't understand the system. The biggest reservation on this system is that we're not prepared to implement and manage a rakeback system to go with such a change, and the two do often go hand in hand. So while I'm cleaning up this mess, any suggestions from you all would be appreciated.
Originally by: Kaiok
Another thing, those people who have their poker login the same as their EvE account make sure you change it.
The accounts are currently locked down and cannot be changed, but do please change your EVE account information if that matches. As I mentioned in the OP here, we'll be purging all accounts and forcing everyone to remake accounts via a new web form, ensuring that all accounts are tied to a specific character. This not only fixes several potential security issues, but makes the day to day matching of characters to accounts so much easier. Yes, I'm looking at you Mr. Player who made an account named "Jim" with no other information.
And finally, I appreciate all of the kind words and support we've been getting since this announcement. I was quite concerned that we'd end up having to close up shop after paying out everyone, but I don't think the room was phased in the least last night. Hopefully we're here for a long while yet and we can keep this thing we call EOH growing and moving forward. Thanks again. |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.01.28 16:42:00 -
[15]
On a side note, I'll be out of town for the next day and a half on business. I worked through around 100 accounts last night, and will try to get the rest paid out Friday and through the weekend. There are a few hundred of you with < 50m in your accounts though, so it's going to take a while, heh.
If you have account information for me as specified in my OP, or have other questions, leave me evemails on Selene and I'll get back to you all on Friday. |
Lost Hamster
Serenity and Hungarian Operational Team
|
Posted - 2009.02.01 10:22:00 -
[16]
Ohh man.. That will be a lot's of work. I hope that everything will be OK. |
Dalts
|
Posted - 2009.02.01 13:00:00 -
[17]
Hope they didn't touch Nack's account!!! |
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.02.01 18:46:00 -
[18]
Originally by: Lost Hamster
Ohh man.. That will be a lot's of work. I hope that everything will be OK.
Most of the 500 or so accounts with positive balances have been paid out as of today. There are still a couple dozen that I can't identify since they didn't use any thing close to their in-game character name, despite our instructions. Hopefully people start getting ahold of me during the next week or two. |
Felt Saidhao
|
Posted - 2009.02.03 03:42:00 -
[19]
Thanks a lot Selene.
It's a shame you have to go through all of this. While I'm sure we all hope for the forecoming new EOH to be everything you (obviously) want it to be, what's really, really important is that we have you guys around still. 
|
Selene D'Celeste
Caldari
The D'Celeste Trading Company
|
Posted - 2009.02.03 13:45:00 -
[20]
Originally by: Felt Saidhao
Thanks a lot Selene.
It's a shame you have to go through all of this. While I'm sure we all hope for the forecoming new EOH to be everything you (obviously) want it to be, what's really, really important is that we have you guys around still.
Thanks! And as I said before, most everyone is paid out except for a few whom I can't identify. So if you still have ISK in our system, please contact me with account information.
I'm hoping to relaunch Ring in a week, so my guess is any outstanding debt I'll just mark off names so they can get paid off later, unless they don't show up for our normal 3-month claim window. All but maybe a couple of < 20m accounts that I couldn't identify have been active in the last couple of weeks though, so everyone should check in before too long.
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |