
Hackers attack League of Legends databases, steal user data

Hackers have attacked the servers of Riot Games, creators of the popular free-to-play title League of Legends, a game that forces players (and their NPC armies) to square off in corridor-based killing fields. Here's the good news: "No payment or billing information of any kind was included in the breach," according to Riot Games president Marc Merrill and CEO Brandon Beck.

Riot Games has managed to fix whatever undisclosed exploit the hackers used to gain access to the company's cache of player information. Only the company's databases for players on its EU West or EU Nordic & East servers appear to have been affected, and all of these gamers will soon receive an email alerting them to that fact.

"The most critical data accessed included email address, encrypted account password, summoner name, date of birth and - for a small number of players - first and last name and encrypted security question and answer," Merrill and Beck wrote.

Riot Games is advising players that they should change their account passwords and, if they were lazy enough to use their League of Legends login credentials on other sites, to change passwords there as well.

Additionally, warn Merrill and Beck, "Please use a good password."

"We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person," they wrote.

Riot Games suggests that players use unique passwords for their League of Legends accounts that are at least eight characters long and a mix of letters, numbers and special characters. Players should also be mindful of any new phishing attempts that might be coming through their email as a result of the attack - watch for unusual emails with links that don't quite seem right, or emails with attachments that came into one's inbox unexpectedly.

"We've been humbled by this experience and know that nothing guarantees the security of Internet-connected systems such as League of Legends," Merrill and Beck wrote. "We can simply promise to try our very best to protect your data."