Close
Report Comment to a Moderator Our Moderators review all comments for abusive and offensive language, and ensure comments are from Verified Users only.
Please report a comment only if you feel it requires our urgent attention.
I understand, report it. Cancel

League of Legends hacked

League of Legends hacked

Wed 21 Aug 2013 2:55pm GMT / 10:55am EDT / 7:55am PDT
Security

Riot Games confirms security breach of North American accounts tied to 120,000 transactions

League of Legends is the latest in a long line of games to run into security problems. In a post on the game's official site, Riot Games yesterday confirmed that its free-to-play online game was recently hacked, with intruders accessing the personal information of "a portion" of its North American user accounts.

The stolen information included first and last names, user names, e-mail addresses, and salted and hashed passwords. Additionally, salted and hashed credit card information tied to roughly 120,000 transactions from 2011 was also taken. Riot said the payment system changed in July of 2011, and transactions from after that time would not have been included in the breach.

In June of 2011, League of Legends servers were taken down by a distributed denial-of-service attack orchestrated by the Lulzsec hacking collective. However, the group at the time insisted it had not hacked the game but merely knocked the log-in servers offline.

Riot is notifying affected players by e-mail, and is requiring all North American account holders to change their passwords. The company is also working to introduce new layers of security, including e-mail verification and two-step authentication, although it's unclear when those measures will be functional.

"We're sincerely sorry about this situation," Riot Games' Marc Merrill and Brandon Beck said in a statement. "We apologize for the inconvenience and will continue to focus on account security going forward."

3 Comments

Kayleigh McDougall
Studying BA(Hons) Game Design and Production Management

21 1 0.0
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.

Posted:A year ago

#1

Khash Firestorm
Senior Programmer

38 37 1.0
Its safer to them to say it "too late". All companeis try to streach time after attack as long as they can.

Posted:A year ago

#2

Charles Ellis
CEO & Lead Developer

10 5 0.5
I'm surprised that their only now coming out and telling users about this.
You'd think that with credit card information being taken that it would've been made public very fast so that people were aware in case anything happened to their accounts.
The way the article is written is confusing, but it sounds like the security breach was quite recent and as part of that breach the attackers may have/did access historical transaction data from 2011, with all newer transaction data being stored on a different system that was not accessed.

Edited 1 times. Last edit by Charles Ellis on 23rd August 2013 6:39am

Posted:A year ago

#3

Login or register to post

Take part in the GamesIndustry community

Register now