The president of Riot Games, Marc Merrill, who is better known by his Internet handle Tryndamere, outlined the scope of the hack in a post on the European League of Legends forums.
After a thorough and urgent investigation with help from independent security experts, we have determined:
- Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases; as a security precaution, we’re emailing all players on these platforms
- The most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer. (Note: Security question and answer are no longer used in our account recovery process.)
- Absolutely no payment or billing information of any kind was included in the breach
Fortunately for League of Legends players, this was the extent of the hack, as Riot employee Bellisimoh confirmed.
Just to be absolutely clear. No credit card, billing information, or payment related information of any kind was stolen during this hacking incident.
Riot Games has yet to make a statement on any further development of the hack. It encourages users who are on the affected servers to change their passwords immediately and to keep an eye out for any incoming phishing e-mails.
Analysis: While this particular leak seems to be fairly limited in scope, it is pretty concerning that such a large company like Riot Games could be hacked in this way. With the runaway success of League of Legends, Riot Games is now an immensely profitable company that operates one of the most high-profile e-sports behind StarCraft. To see such a huge company fall to a hack is just a reminder that even the biggest boys on the block can run into trouble with hackers, including massive companies like Sony.
I’m a little curious as to whether or not they’ve discovered who’s behind the hack, but to me, this just looks like a clear attempt to steal financial information from a company that stores tons and tons of financial information. The hackers were probably hoping that, by getting access to a personal private information server, they were getting credit cards and valuable things like that. However, it seems like they were unsuccessful in the end, luckily for European League of Legends players.