Riot Games Hacked!!
Late last night Riot account owners received emails stating that certain accounts have been compromised!!
Riot account owners were in for a rude awakening when emails were sent out stating that some North American accounts had been compromised. User names, email addresses, salted password hashes, and some first and last names were accessed. While password files still were unreadable, those players with easy passwords may be susceptible to account theft.
On top of that, Riot is investigating 120 000 transaction records - containing hashed and salted credit card numbers – that were also accessed. Those players affected by this have been sent emails to let them know of their risks.
What next? Obviously, everyone with a North American Riot account needs to go and change your passwords. Anyone who attempts to log into their Riot account will be asked to change their password anyways, so my advice… make it a good one.
Riot is also working on a few new security features. All new accounts will need to be verified with a valid email address. As well, they are working on “two factor verification. All changes to your account will need to be verified through your valid email address or your mobile SMS.
If you have any concerns about the security breach, associate producer Chager has started up a forum discussion where players can stay up to date and ask their questions.
The security of your information is critically important to us, so we’re really sorry to share that a portion of our North American account information was recently compromised.
What we know: user names, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.
If you have any questions or concerns, please don’t hesitate to consult the player supportknowledge base or reach out to player support directly.
As a measure to make your accounts safer, within the next 24 hours we’ll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess. At such time, you’ll be automatically prompted to change your password when you attempt to log in to the game. If you’d prefer, please go here to change your password now — http://account.leagueoflegends.com/change-password/na/en-us
Additionally, new security features that are currently in development include:
- Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
- Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
We’re sincerely sorry about this situation. We apologize for the inconvenience and will continue to focus on account security going forward.