The popular multiplayer game League of Legends was breached, allowing hackers to steal confidential data of some North American players. Users should immediately change their log in credentials.
Game publisher Riot Games confirmed the incident in a blog post and said unauthorized persons managed to grab customer critical information, including real names, usernames, e-mail addresses and salted password hashes of multiple League of Legends players.
Image credit: League of Legends
The company is additionally looking into some 120,000 transaction records from 2011 that apparently also contained hashed and salted credit card numbers to see if they were accessed as well.
â€œThe payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players.â€ reads the company blog post. â€œOur investigation is ongoing and we will take all necessary steps to protect players.â€
To prevent this kind of security issue, Riot Games is working to implement two further security features: e-mail validation with a valid e-mail address and two-factor authentication for any changes to the account.
The company strongly recommends all North America clients change their passwords to protect themselves against foul play or future account-theft attempts.
The company offers in its blog post a link to be used for password change, and it will automatically prompt users to change passwords when they log in into their games. Don’t answer e-mails allegedly coming from Riot Games requesting a stronger password.