League of Legends hacked, users’ information stolen, passwords reset

North American players of the “League of Legends” video game may have had their personal information accessed, the company behind the popular online game has warned.

Riot Games has warned players that account information, including usernames and email addresses, was accessed by hackers, alongside salted password hashes.

The security of your information is critically important to us, so we’re really sorry to share that a portion of our North American account information was recently compromised.

What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.

In addition, the game company warns, approximately 120,000 transaction records containing hashed and salted credit card numbers were accessed from an old payment system that Riot Games used until July 2011.

Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.

Only North American account holders are said to be affected.

Advisory for League of Legends players

The firm is clearly worried that some players may have passwords that are easy for hackers to crack, and so is resetting users’ passwords and requiring them to choose stronger, harder-to-guess passwords.

In addition, Riot Games says that it is working on additional security systems including email verification for account changes and two-factor authentication. There is no time scale as to when these features might be introduced.

An obvious risk, of course, is that some users’ passwords might be cracked alongside their other personal information. That opens the door for other attacks, if game players have used the same password on multiple websites.

If you do make the mistake of reusing passwords, you run the risk of hackers using them to unlock your other online accounts.

If you find passwords a burden – simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.

Another risk for exposed League of Legends players is that of being targeted by phishing and other email attacks, by cybercriminals tailoring messages designed to appeal to gamers and spamming them out to the long list of email addresses that has been stolen.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “League of Legends hacked, users’ information stolen, passwords reset”

  1. Josh

    Not just that! There is also a bot that has been spreading on YouTube that they coded that got into their system, now a lot of people are just not paying for Riot Points... the game has become a full hacking!
