League of Legends servers hacked, account information stolen

Credit cards details and user profile info among data stolen

August 22, 2013
League of Legends news

Riot Games, the developers of the popular League of Legends MOBA (Multiplayer Online Battle Arena) have issued a press statement concerning recent hacks that resulted in critical, player-sensitive information being stolen off the League of Legends servers.

Riot Games developers Marc Merill and Brandon Beck caution all players to reset their passwords for both their League of Legends profiles and e-mail addresses and urge players to be wary of unauthorised credit card purchases.

“What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.”

“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”

Players can reset their password through a secure link provided by Riot Games, and are cautioned to be wary of social engineering attacks that may look like they’re coming from Riot Games.

Riot Games have also announced that they are proceeding with implementing new security measures which will be available as soon as possible. These include:

  • Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
  • Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.

Salted passwords are plain text passwords encrypted with an algorithm that produces a hashed result of letters and numbers, seemingly at random. Salted hashes are easier to implement and more time-consuming to crack than properly encrypted authentication schemes.

Passwords can be cracked if the hacker has enough salted hashes and password guesses to figure out the algorithm and break any information secured using the hash, which is why Riot Games will keep a close watch on those identified 120,000 account records that were stolen.

Source: Riot Games

More PC Gaming news:

The Sims 4: first details

Games for Windows Live to be killed off

EA Origin offers 24-hour refund on games

Tags: active, Brandon Beck, cracked passwords, Hack, hacking, League of Legends, League of Legends hacking, Marc Merill, Riot Games, salted hash

Shutterstock is the image partner of MyGaming – technology images can be found here

Poll

Are you playing Destiny, or do you plan to buy Destiny?

View Results

Loading ... Loading ...

Latest News

Windows 10 is here

Windows-logo

Forget 9, Microsoft has gone for a perfect 10 with its latest version of Windows

PlayStation Plus prices in SA hiked by over 50%

PlayStation Plus News

The word “slightly” will never be the same around South African gamers again

October’s gaming events in SA

Cosplay

LANs, Cosplay, and rAge – here’s what’s happening in October 2014

Hackers break into Xbox One, Gears of War programmes

Xbox One news 1

Four members of an international hacking ring were charged with cracking the defenses of the US Army network as well as of blockbuster war video games

X

Newsletter Subscription

Name
Email *
Enter the following to confirm your subscription *
Captcha image


Free MyGaming Newsletter:
Subscribe
X
bool(true)