Sections

League of Legends hacked

Riot Games confirms security breach of North American accounts tied to 120,000 transactions

League of Legends is the latest in a long line of games to run into security problems. In a post on the game's official site, Riot Games yesterday confirmed that its free-to-play online game was recently hacked, with intruders accessing the personal information of "a portion" of its North American user accounts.

The stolen information included first and last names, user names, e-mail addresses, and salted and hashed passwords. Additionally, salted and hashed credit card information tied to roughly 120,000 transactions from 2011 was also taken. Riot said the payment system changed in July of 2011, and transactions from after that time would not have been included in the breach.

In June of 2011, League of Legends servers were taken down by a distributed denial-of-service attack orchestrated by the Lulzsec hacking collective. However, the group at the time insisted it had not hacked the game but merely knocked the log-in servers offline.

Riot is notifying affected players by e-mail, and is requiring all North American account holders to change their passwords. The company is also working to introduce new layers of security, including e-mail verification and two-step authentication, although it's unclear when those measures will be functional.

"We're sincerely sorry about this situation," Riot Games' Marc Merrill and Brandon Beck said in a statement. "We apologize for the inconvenience and will continue to focus on account security going forward."

Related stories

Riot looks to finalize eSports streaming deal with MLB - report

Major League Baseball Advanced Media's tech unit may buy eSports streaming rights for $200m

By James Brightman

Riot commits to revenue sharing with LoL eSports players

"We recognize that the current ecosystem isn't consistently profitable yet for team owners or for the league"

By Matthew Handrahan

Latest comments (3)

Kayleigh McDougall Studying BA(Hons) Game Design and Production Management, University of Abertay Dundee3 years ago
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.
0Sign inorRegisterto rate and reply
Khash Firestorm Senior Programmer, MuHa Games3 years ago
Its safer to them to say it "too late". All companeis try to streach time after attack as long as they can.
0Sign inorRegisterto rate and reply
Charles Ellis CEO & Lead Developer, Portalus Games3 years ago
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.
The way the article is written is confusing, but it sounds like the security breach was quite recent and as part of that breach the attackers may have/did access historical transaction data from 2011, with all newer transaction data being stored on a different system that was not accessed.

Edited 1 times. Last edit by Charles Ellis on 23rd August 2013 6:39am

0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.