
League of Legends is hacked, with crucial user info accessed

One of the world's most popular online video games falls prey to a security breach involving usernames, e-mail addresses, salted passwords, and 120,000 salted credit card numbers.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.

Hackers have breached the system of one of the world's most popular online video games: League of Legends.

Riot Games, which developed League of Legends, announced Tuesday that some usernames, e-mail addresses, salted password hashes, first and last names, and even some salted credit card numbers have been accessed. The salted data is somewhat protected, but if users have easily guessable passwords, their information could be susceptible to theft, Riot Games warned.

The affected users are only those who live in North America. While the accessed credit card information is alarming, it pertains only to records from 2011 and earlier.

"We are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed," Riot Games wrote in a blog post. "The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then."

League of Legends hit the scene nearly four years ago, and in some ways completely flew under the radar for most casual observers of the gaming industry. However, in that short time frame, League quickly acquired millions of players who stay addicted to the evolution of the game, which derives from predecessors Warcraft III and Defense of the Ancients.

Riot Games isn't the only game maker that has come under attack from hackers. In 2011, LulzSec claimed responsibility for launching a distributed denial-of-service attack on ZeniMax, which makes Fallout 3, Doom, and Quake. And, the multiplayer role-playing game World of Warcraft fell prey to an exploit last year that killed off players as they were battling online. Ubisoft, the maker of Assassin's Creed, has also been hacked more than once. Most recently, in July, a Ubisoft security breach led to hackers accessing usernames, e-mail addresses, and encrypted passwords.

As for Riot Games, the company is instituting new security features, such as e-mail verification and two-factor authentication, and is also requiring users to change their passwords to "stronger ones that are much harder to guess."

"We are taking appropriate action to notify and safeguard affected players," Riot Games wrote. "We will be contacting these players via the e-mail addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players."