Mail Bag

CCP Responds To EVE Online Source Code Leak

| 15 Apr 2008 18:45
image

CCP has issued a response to reports that the source code for EVE Online, its long-running space-based MMOG, has been leaked to various torrent sites.

Early reports indicated the leak began with torrent index site The Pirate Bay, and that CCP themselves had begun seeding the torrent in order to track the IP addresses of users who downloaded it in order to ban their EVE Online accounts. Discussion of the leak on the official EVE forums was also said to be forbidden.

But in a statement sent by CCP representative Valerie Massey, who called the issue "grossly blown out of proportion," the company said the code leak presented no security risk to either CCP or its customers, and that the game itself could not be affected by it. The company also denied the claims of censorship and mass banning, saying it was only continuing to follow the standard procedure of removing message posts that contravened the game's EULA.

The official statement from CCP:

"We are aware that an individual claims to have access to the source code of the EVE client, but this access is not a security risk to CCP or our customers in any way. The Python scripting language that is used by the client can be easily decompiled to generate readable code, and we have designed our server-side systems with that understanding. Therefore, there is no reason to believe that the code was leaked by an employee and our internal investigations confirm that."

"Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers billing information. The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to or from the EVE system."

"Nothing the EVE client can do can affect the game state, a manipulated EVE client cannot affect the server, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client. The EVE client is signed with a security certificate registered to CCP. Hashes are available on our web site for those who wish to ensure the integrity of EVE client download files they may have received from a source other than direct download from CCP's web site."

"Finally, there have been no mass bannings, as reported in some news articles, though we do remove all message board posts regarding violations of our EULA and Terms of Service as per standard policy and procedures. We consider any alterations of the client software, including decompilation, or discussions thereof, to represent such a violation."

RELATED CONTENT
Comments on