One of the most-played games in the world recently suffered a security breach.
Developer Riot Games released a blog post yesterday that revealed hackers accessed sensitive information relating to its competitive multiplayer title League of Legends. Someone was able to access usernames, email addresses, passwords, and real names. The passwords are salted and hashed, which means they are unreadable, but Riot warns that the users with simple passwords are more vulnerable to account theft.
Riot also revealed that the cyber criminals were able to access up to 120,000 transaction records that contained encrypted credit card numbers.
“The payment system involved with these records hasn’t been used since July 2011, and this type of payment card information hasn’t been collected in any Riot systems since then,” Riot president Marc Merrill wrote in the blog. “We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing, and we will take all necessary steps to protect players.”
We’ve contacted Riot, but the company isn’t divulging how this happened. A spokesperson would only tell GamesBeat that “some systems were compromised.”
To deal with future security issues, Riot plans to implement new password complexity requirements and two-factor authentication. Riot is also mandating a password reset for all of its North American users.