League of Legends Security Alert
North American League of Legends accounts and card details have been compromised.
The day many of us feared has finally come, League of Legends has been hacked. Developer Riot reports North American accounts have been compromised, including "120,000 transaction records from 2011 that contained hashed and salted credit card numbers". Riot will be prompting account holders to change their password.
Posting on the official League of Legends website, Riot Games announced that “usernames, email addresses, salted password hashes, and some first and last names were accessed,” they continue:
"Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”
North American players with weak passwords are urged to create stronger passwords within 24 hours. If you are uncertain Riot advises that you consult the player support knowledge base or contact player support directly.
In the wake of this unfortunate news, and following constant imploring from the community, Riot has announced new security features that are under development: a valid email address on registration and the standard two-factor authentication via email or SMS upon password changes.
In my view, it’s frustrating that it has taken this long for the most popular online game to evolve beyond the bare minimum account security. On almost a weekly basis, the community has taken to Reddit with drawn pitchforks and torches demanding Riot beef up security, it seems after this they have no other option.
We advise all users to change their password as an extra precaution, whether you are from North America or Europe, especially if you are like myself and have an account in both regions.
Update: As expected, Riot has extended a mandatory password reset to Europe as well. Upon logging in you will be greeted by a message asking you to create a stronger password immediately.
Keep safe summoners. You can read the full announcement here.