League of Legends servers hacked, account information stolen

Credit cards details and user profile info among data stolen

August 22, 2013
League of Legends news

Riot Games, the developers of the popular League of Legends MOBA (Multiplayer Online Battle Arena) have issued a press statement concerning recent hacks that resulted in critical, player-sensitive information being stolen off the League of Legends servers.

Riot Games developers Marc Merill and Brandon Beck caution all players to reset their passwords for both their League of Legends profiles and e-mail addresses and urge players to be wary of unauthorised credit card purchases.

“What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.”

“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”

Players can reset their password through a secure link provided by Riot Games, and are cautioned to be wary of social engineering attacks that may look like they’re coming from Riot Games.

Riot Games have also announced that they are proceeding with implementing new security measures which will be available as soon as possible. These include:

  • Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
  • Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.

Salted passwords are plain text passwords encrypted with an algorithm that produces a hashed result of letters and numbers, seemingly at random. Salted hashes are easier to implement and more time-consuming to crack than properly encrypted authentication schemes.

Passwords can be cracked if the hacker has enough salted hashes and password guesses to figure out the algorithm and break any information secured using the hash, which is why Riot Games will keep a close watch on those identified 120,000 account records that were stolen.

Source: Riot Games

More PC Gaming news:

The Sims 4: first details

Games for Windows Live to be killed off

EA Origin offers 24-hour refund on games

Tags: active, Brandon Beck, cracked passwords, Hack, hacking, League of Legends, League of Legends hacking, Marc Merill, Riot Games, salted hash

Shutterstock is the image partner of MyGaming – technology images can be found here


Have you bought, or do you plan to buy Evolve?

View Results

Loading ... Loading ...

Latest News

Gaming events of March 2015

PS4 Conteoller

Looking for a gaming event in the coming month? Here are a few you might be interested in

Would you like to be productive today? Don’t download Cluster


Exclusive: a giant conspiracy by a handful of South African game devs to prevent all productive work today

This week’s best gaming deals

Gaming sale and deal

Here are this week’s best gaming deals

Why the PS4 is beating the Xbox One

PlayStation 4 news

According to research, the PS4 is beating the Xbox One because of good-old-fashioned graphics


Newsletter Subscription

Email *
Enter the following to confirm your subscription *
Captcha image

Free MyGaming Newsletter: