League of Legends, an online RPG game that has gained a lot of momentum among casual and hardcore players in the last few years, was recently hacked.
Riot Games, who owns and maintains League of Legends, announced earlier this week that usernames, e-mail addresses, first and last names, passwords, and some “salted” credit card numbers had been accessed and successfully stolen. While encrypted data is difficult to decode in many cases if users have easy passwords without capital letters, numbers, or symbols, their accounts and information may be at risk.
Users that were affected only live in North America and those who spend money on the game – that is, have their credit card numbers on file – are at risk. Though the credit card information is obviously the most alarming thing that happened, the records stolen were from before 2011.
“We are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then,” wrote a Riot representative on the Riot blog, which can be read in full here.
League of Legends only opened its doors four years ago, and in that small time frame, it has acquired millions upon millions of players. While the game does “evolve” like several other MMORPGs, the game play and plots are “more intriguing” to the gaming community. Business owners, casuals, experts, teens and parents alike have joined the ranks of the League, partially because of their excellent customer service and frequent freebies.
For now, Riot Games is investigating new security features, like e-mail verification and two-factor authentication. In addition, every North American account will be required to change their password in the next 48 hours to something stronger and more difficult to guess.
“We are taking appropriate action to notify and safeguard affected players,” the Riot Game blog stated. “We will be contacting these players via the e-mail addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”