The popular MOBA developed by Riot Games League of Legends has pulled in millions of players since launching in 2009. The free-to-play game only seems to grow more popular with age, but its popularity might have turned it into a target. Earlier this month, Riot Games announced that the game had been affected by a cyberattack. After a bit of detective work, the team has finally revealed the League of Legends source code has been hacked and leaked by attackers.
‘League of Legends’ source code hack didn’t release any personal information.
While plenty of important information was released in the attack, Riot Games “remain[s] confident” that no player information was compromised. That means you won’t have to rush around updating your passwords – although it probably wouldn’t hurt. Unfortunately, the game’s entire source code seems to have been exfiltrated along with a legacy anti-cheat platform.
To make matters worse, Riot Games confirmed it received a ransom email (although the team won’t negotiate with the hackers). The studio goes on to explain that this hack will likely result in the creation of new cheats for League of Legends, as having access to the game’s source code makes it easier to develop programs capable of circumventing its existing anti-cheat software. It may also have consequences for future builds, as several “experimental features” were part of the hack.
Riot Games claims it has been working around the clock to mitigate any damage caused by the hack. The studio announced it has contacted law enforcement, is continuing to evaluate how the breach occurred, and is working with external experts to help limit the game’s exposure. Riot will also be keeping a close eye on the community for new cheats that arise from the leak.
If things go as planned, all systems will be back online soon and LoL's regular updates will continue without impact.
Riot Games was reportedly hacked through social engineering scheme.
While Riot Games hasn’t released specific details, it has revealed that a social engineering scheme was behind the attack. These types of attacks focus on human interactions to gather information, which can then be used to access restricted systems. In other words, it’s possible a phishing email sent to a worker at Riot Games allowed a hacker to gather confidential information and bypass security.
Beyond League of Legends, Teamfight Tactics source code was also included in the attack. It’s clear Riot Games will be busy dealing with the aftermath of the hack for quite some time – although they’re optimistic that they’ll be able to stay on track for both games’ usual update cadence. To stay informed on the team’s progress, be sure to follow the official Riot Games Twitter account.