Hackers have accessed the League of Legends account information of some players based in Europe, says developer Riot Games.
Billing and payment information was untouched, but the company has recommended all players make changes to their accounts as a precaution.
The specific security issue that the hackers exploited has been fixed, said Riot, which also launched an investigation into the breach.
“We’ve hired experts and are working with the relevant authorities to more thoroughly understand causes, culprits, and preventative measures to make future breaches less likely,” read a post on the official European LoL website.
The developer also stated that they would continue to invest in security measures, “including password hashing and data encryption, state-of-the-art firewalls, SSL, security ninjas, and other security measures” to make player information safer.
“We’ve been humbled by this experience and know that nothing guarantees the security of Internet-connected systems such as League of Legends. We can simply promise to try our very best to protect your data,” it said.
From the game’s European website:
“After thorough and urgent investigation with help from independent security experts, we have determined:
• Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases; as a security precaution, we’re emailing all players on these platforms
• The most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer
• Absolutely no payment or billing information of any kind was included in the breach
• Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking.
We’ve fixed the specific security issue that hackers exploited.
Over the next 24 hours, we’ll be notifying all EUW and EUNE players via email; although only a portion of players might have been affected, we consider broader notification a good security precaution.
We’ll be updating this post with the latest on this situation and will monitor comments here for questions that require further clarification.
Our investigation into this issue is ongoing – we’ve hired experts and are working with the relevant authorities to more thoroughly understand causes, culprits, and preventative measures to make future breaches less likely.
We’ve redirected teams to quickly implement new security measures that will help improve the safety of your data.
We’ll continue to invest in security measures, including password hashing and data encryption, state-of-the-art firewalls, SSL, security ninjas, and other security measures to make your info safer.
We’ve been humbled by this experience and know that nothing guarantees the security of Internet-connected systems such as League of Legends. We can simply promise to try our very best to protect your data.
PLEASE CHANGE YOUR PASSWORDS
Please immediately change your account password by visiting the account management page, then clicking ‘change password’. If you use the same password for accounts on other services, you should change those passwords as well.
Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person.
We encourage you to:
• Keep it unique – use a different password for each important account
• Make it long – at least 8 characters
• Mix it up – use letters, numbers, and special characters
Hackers often send phishing emails to addresses that are captured in data thefts, so please be extra vigilant about emails containing attachments or links.”