If you go to their TLS advocacy website, https://www.httpsnow.org, you may see something like this:
Given what the EFF is doing with HTTPS advocacy and its investigations of shoddy CA practices, I found this very surprising. Unfortunately, however, it's common for there to be problems with web server certs, and that's the case here (i.e. it's not that there was a compromise).
What happened here is that the subject name/subject alt name is ... "*.eff.org". So, aside from points lost for the use of a wildcard cert, the EFF are using a certificate from what's essentially, for the purpose of certificate validation, an unrelated and incorrect certificate.