League of Legends is the latest in a long line of games to run into security problems. In a post on the game's official site, Riot Games yesterday confirmed that its free-to-play online game was recently hacked, with intruders accessing the personal information of "a portion" of its North American user accounts.
The stolen information included first and last names, user names, e-mail addresses, and salted and hashed passwords. Additionally, salted and hashed credit card information tied to roughly 120,000 transactions from 2011 was also taken. Riot said the payment system changed in July of 2011, and transactions from after that time would not have been included in the breach.
In June of 2011, League of Legends servers were taken down by a distributed denial-of-service attack orchestrated by the Lulzsec hacking collective. However, the group at the time insisted it had not hacked the game but merely knocked the log-in servers offline.
Riot is notifying affected players by e-mail, and is requiring all North American account holders to change their passwords. The company is also working to introduce new layers of security, including e-mail verification and two-step authentication, although it's unclear when those measures will be functional.
"We're sincerely sorry about this situation," Riot Games' Marc Merrill and Brandon Beck said in a statement. "We apologize for the inconvenience and will continue to focus on account security going forward."