CCP launched its new forums for EVE Online last week, but the new forums hit a bit of a snag and had to be shut down when some players discovered a security hole that allowed them to log into the forums as anyone, including CCP devs. The vulnerability also allowed those people to read any private forums that an account had access to, edit posts, change signatures and even inject HTML and possible script coding into the signatures. Luckily, it doesn't appear that those individuals were able to access personal account details and information.
We do not see any evidence of anyone being able to access your personal information or credit cards, which are actually stored in a secure environment which isn't in the communication path for the forums in any way. In essence, the vulnerabilities were limited to people's ability to escalate their privileges on the forum itself and nowhere else. Even were someone able to have injected script the method by which your information would have been at risk would have been in the form of malware, session theft or keylogging of your local machine rather than some window into our secure environment. That being said, it's always a best practice to keep your computers safe from malware and your passwords changed on a regular basis and now's as good a time as any to scan that PC and change your password.
CCP is asking its community to report any found vulnerabilities to [email protected] and have even rewarded helpful members.
Source: EVE Online Dev Blog
To read the latest guides, news, and features you can visit our EVE Online Game Page.