Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

League of Legends hacked

League of Legends hacked

Wed 21 Aug 2013 2:55pm GMT / 10:55am EDT / 7:55am PDT
Security

Riot Games confirms security breach of North American accounts tied to 120,000 transactions

League of Legends is the latest in a long line of games to run into security problems. In a post on the game's official site, Riot Games yesterday confirmed that its free-to-play online game was recently hacked, with intruders accessing the personal information of "a portion" of its North American user accounts.

The stolen information included first and last names, user names, e-mail addresses, and salted and hashed passwords. Additionally, salted and hashed credit card information tied to roughly 120,000 transactions from 2011 was also taken. Riot said the payment system changed in July of 2011, and transactions from after that time would not have been included in the breach.

In June of 2011, League of Legends servers were taken down by a distributed denial-of-service attack orchestrated by the Lulzsec hacking collective. However, the group at the time insisted it had not hacked the game but merely knocked the log-in servers offline.

Riot is notifying affected players by e-mail, and is requiring all North American account holders to change their passwords. The company is also working to introduce new layers of security, including e-mail verification and two-step authentication, although it's unclear when those measures will be functional.

"We're sincerely sorry about this situation," Riot Games' Marc Merrill and Brandon Beck said in a statement. "We apologize for the inconvenience and will continue to focus on account security going forward."

3 Comments

Kayleigh McDougall
Studying BA(Hons) Game Design and Production Management

21 1 0.0
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.

Posted:8 months ago

#1

Khash Firestorm
Senior Programmer

37 36 1.0
Its safer to them to say it "too late". All companeis try to streach time after attack as long as they can.

Posted:8 months ago

#2

Charles Ellis
CEO & Lead Developer

8 3 0.4
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.
The way the article is written is confusing, but it sounds like the security breach was quite recent and as part of that breach the attackers may have/did access historical transaction data from 2011, with all newer transaction data being stored on a different system that was not accessed.

Edited 1 times. Last edit by Charles Ellis on 23rd August 2013 6:39am

Posted:8 months ago

#3

Login or register to post

Take part in the GamesIndustry community

Register now