Riot Games has put out a security update today informing all League of Legends players that their servers were briefly compromised. While it appears as only North American account information was put at risk, this doesn't make the situation any less severe. The hackers gained access to information such as usernames, email addresses, salted password hashes, and some first and last names. For those who don't know, salted password hashes are a companies way of encrypting passwords, so while this means that the intruders don't know your password, if it was easily guessable, they don't have much work to do. Therefore, Riot is emailing everyone who was affected by this issue and alerting them of the proceedings.
The developer is also requiring that all accounts on North American servers, reset their passwords which now have more requirements in place to make them more difficult to crack. Additionally, the team is currently working on two other features that should help with security:
- Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
- Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
On top of this, around 120,000 transaction records from 2011 which contained hashed and salted credit card numbers were accessed. And while this system is outdated and no longer used, Riot is reaching out to everyone affected by this. "Our investigation is ongoing and we will take all necessary steps to protect players," the company said.
"We’re sincerely sorry about this situation. We apologize for the inconvenience and will continue to focus on account security going forward."