League of Legends servers hacked, account information stolen

Riot Games, the developers of the popular League of Legends MOBA (Multiplayer Online Battle Arena), have issued a press statement concerning recent hacks that resulted in critical, player-sensitive information being stolen from the League of Legends servers.

Riot Games developers Marc Merrill and Brandon Beck caution all players to reset their passwords for both their League of Legends profiles and e-mail addresses and urge players to be wary of unauthorised credit card purchases.

“What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.”

“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”

Players can reset their password through a secure link provided by Riot Games, and are cautioned to be wary of social engineering attacks that may look like they’re coming from Riot Games.

Riot Games have also announced that they are proceeding with implementing new security measures which will be available as soon as possible. These include:

  • Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
  • Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.

Salted passwords are plain text passwords encrypted with an algorithm that produces a hashed result of letters and numbers, seemingly at random. Salted hashes are easier to implement and more time-consuming to crack than properly encrypted authentication schemes.

Passwords can be cracked if the hacker has enough salted hashes and password guesses to figure out the algorithm and break any information secured using the hash, which is why Riot Games will keep a close watch on those identified 120,000 account records that were stolen.
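An added example, not code from Riot Games or from the original article: it stores a password as a per-account random salt plus a PBKDF2 digest, verifies it in constant time, and applies a reset-time check that rejects easily guessable passwords. The iteration count, the 12-character minimum, the sample password list and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this demo; tune to your hardware
# Constructed sample of common passwords; a real deployment would use a larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "leagueoflegends"}


def unsalted_hash(password: str) -> str:
    """Weak baseline: identical passwords always yield identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using a random per-account salt and PBKDF2."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def is_easily_guessable(password: str) -> bool:
    """Reset-time policy check: reject short or well-known passwords."""
    return len(password) < 12 or password.lower() in COMMON_PASSWORDS


if __name__ == "__main__":
    # Two accounts (constructed) that happen to share one password.
    pw = "summoners-rift-2011"
    print("unsalted equal:", unsalted_hash(pw) == unsalted_hash(pw))
    (s1, d1), (s2, d2) = hash_password(pw), hash_password(pw)
    print("salted equal:  ", d1 == d2)
    print("verify ok:     ", verify_password(pw, s1, d1))
    print("weak rejected: ", is_easily_guessable("qwerty"))
```

The salt makes two accounts with the same password store different digests, but it does nothing for a password that is on a common-password list, which is why the policy check runs when the password is set.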

Source: Riot Games

Join the conversation

  • DarthMol

    It’s apparently the North American servers that were hacked, so those with accounts on the Western Europe servers don’t need to worry.

  • UltimateNinjaPandaDudeGuy

    I honestly forgot that I even had a LoL account until I got the email… Oh the memories that come back to me now… Adolescent cursing in chat… Kids who would like to fornicate with my mother… Oh LoL…

  • Which is why you should never use a password more than once. Get a good password manager, and use unique randomly generated passwords for every website and online service you subscribe to. And if a service offers 2-factor authentication, use it!

  • AcidRaZor

    If I find people like that (people who don’t want to have fun and need to make others not have fun either), I just use the reporting system now. Works a charm.

  • Tiaan Brink

    This is why we play Dota.
