I wanted to bring up something strange and potentially concerning.
I use unique email addresses for every service I sign up for — this helps me track exactly where spam or leaks are coming from. Recently, I started receiving crypto scam emails (e.g., “Your crypto account has been breached”), but only to the email addresses I used specifically for EVE Online-related accounts.
None of the other unique addresses tied to unrelated services were affected, which makes this highly suspicious. It’s as if only EVE-associated emails were compromised.
Just to be safe, I’ve changed all my passwords. But I’m wondering:
Has there been any official announcement or acknowledgement of a data breach or leak involving EVE Online or any affiliated services?
No, it’s not a case of random email spam. I have my own domain with my own mail server, so I can see from the log files when someone is just spamming random addresses. In this case, the emails were sent to specific addresses that are registered as EVE Online accounts; and it was more than just a few random hits among many attempts. The exact same scam emails were sent only to the addresses registered with EVE Online, and none were sent to other addresses on the domain. That makes me think there may have been a leak of email addresses registered with EVE Online.
CCP shares players’ email addresses and hashed user IDs with its marketing agency and, in some cases, directly with platforms like Google and Facebook for marketing. This is done based on CCP’s legitimate interest and is limited to promoting its games. Third parties can’t use the data for other purposes.
Last time I checked, trying to scam you into giving access to your Ethereum wallet wasn’t considered a legitimate way to promote a game.
And do you trust those platforms that EVE uses for marketing to not sell data? I definitely would think that Google and Facebook sells market data. CCP is not responsible for you getting scam emails.
I think there is little to no concern that the leak came from CCP. It’s more likely that your email(s) were leaked from companies like Alphabet or Meta (or their subsidiaries).
Wrong, any information that can directly lead to identifying you as a person, is personal information. Most common personal information is Name, Address, Phone number, and Email address. Even information on hardware and/or software combinations of devices you use are, or at the very least can be, used to identify a specific user thus in many regions (especially in relation to EU’s GDPR) are also considered personal information.
I’m sorry but I don’t follow. A phone number or email address existing is hardly private, it being attached to some other identifier would be though. The phone number 123 456 7890 or email address of spacemonkey@here. org doesn’t really tell anyone anything without having a name attached to it. Physical Addresses even can freely be searched, but who lives there is private.
Lots of services use Google or Meta marketing platforms, yet my almost spam-free inbox (I guess that’s why I’m sensitive to every bit of spam) is still receiving spam emails sent to the address I registered with EVE Online. I created a simple rule because official EVE emails are signed by SparkPostMail servers, so I just trash everything not signed by SparkPostMail.
Regardless of which country you live in a phone number is registered to a single entity (whether it’s a Person or Company) and simply because it’s more likely than not a Person. It’s deemed Personal Info. Same goes for Email adresses.
Yes, they are private when tied to a name or company, that is not in question. But it is not a breach of privacy if someone contacts that phone number or email address because it exists. If I gave my phone number to a friend and I get contacted by someone else, that friend is not to blame.
My point is that Name, Address, Phone Number, and Email Address are each individually private information. They do not need any of the others info to be private.
I have misunderstood nothing. You see, you need more to actually have violated anything. I can have a list of every single phone number in the world it cannot in any way identify who individuals are or who it belongs to. Same with email and physical addresses. When you start adding things to those though, that’s when it starts to become private. People are allowing to call random numbers, emails, knock on doors, call out random names etc. If someone were to knock on my door and ask for me by name though? Then someone gave that person private information and could be liable for breaching that trust if it was used improperly.
Your personal name, phone, address, and email(s) are out there. Feel free to google (AKA the action verb) any piece of the information and start counting the results.
To claim liable, then I hope you have really deep pockets.
If you have a single piece of private information you can in effect easily find more and connect them together and before long you have it all. If you have a Phone Number you can use it to search phone registers - now you have Name and Phone - now you can more accurately find the address of the entity.
Very differently from if the only piece of info you have is that the entity is using an iPhone - good luck finding any other info with just that.
Yes, that information exists out there, it’s not private until you make those connections. The only thing that can be done is to ask them to take your number down (and they have to comply). But that number still exists, just doesn’t have your name next to it.