Sections

League of Legends hacked, encrypted credit card details compromsied

Wednesday, 21st August 2013 00:41 GMT By Brenna Hillier

Although the information obtained by the hackers was encrypted, Riot Games has confirmed that a recent League of Legends security breach got as far as credit card details.

North American account holders were affected, with the hackers gaining access to usernames, email addresses, salted password hashes, and some first and last names.

“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed,” Riot wrote in an announcement post.

“The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”

Although encryption means most users will be fine, if you have an easily guessed password you are definitely at risk. In any case, all players should change their passwords immediately.

Riot is now in the process of introducing email verification for new registrations and account changes, and two-factor authentication via email or SMS.

Thanks, Kotaku.

Latest

5 Comments

  1. taylorlauder

    Imagine if this sh!t happens to Steam.

    #1 1 year ago
  2. alterecho

    @1 Was thinking the same. GOG.com has the best payment system i’ve come across. It doesn’t save your card details at all.

    #2 1 year ago
  3. OwnedWhenStoned

    Typo… compromsied

    #3 1 year ago
  4. TheWulf

    @2

    Or you could just be intelligent and use PayPal. PayPal has a lot at stake when it comes to encryption and secure data storage, and even if they do get hacked then they have systems in place to ensure that the damage done is minimal. I feel safer with them than I do with credit cards.

    And frankly, if an account ends up in the hands of someone it shouldn’t, all they know is that I used PayPal to buy some stuff. And nothing more.

    #4 1 year ago
  5. Hcw87

    Steam doesn’t store your credit card info unless you specifically tell them to do so after a purchase.

    Even so it’s easy to wipe that information too.

    #5 1 year ago

Comments are now closed on this article.