June 12, 2012

Hackers Claim League Of Legends Players Information

Lee Rannals for

The silence of online attacks has been broken, as hackers compromise data from League of Legends game players.

Last year, it seemed as though hacktivist groups like Anonymous and LulzSec were running the media due to how many headlines online security breaches kept making. This year, those headlines have been slimmer than last, but over the week, online companies had to change their "this many days without an accident" number back to zero.

Riot Games announced on Saturday that its servers for the popular real-time strategy game League of Legends (LoL) was breached, compromising its users' data.

In November 2011, Riot said it had over 32 million registered accounts on three LoL servers, including servers in North American and Europe. The company said that its European servers were the ones that were compromised.

"Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases," Riot Games founders Marc Merrill and Brandon Beck wrote in a blog post on Saturday.

The account data obtained by the hackers includes email addresses, encrypted passwords, player names and dates of birth. The data did not include billing or payment information such as credit card numbers.

The European servers did not affect all players on the continent, but all the users were warned through email as a precaution.

Riot said a double-digit percentage of individuals used the same password as other users, and 11 particular passwords were shared by over 10,000 players each.

Users who were affected by the breach are being advised to change their passwords on the LoL website, as well as other websites that are associated with the same information that was stolen.

Merrill and Beck said passwords should be unique for every important account, and they should consist of 8 or more characters, with a mix of letters, numbers, and special characters.

"Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking," Merrill and Beck said.

“We'll continue to invest in security measures, including password hashing and data encryption, state-of-the-art firewalls, SSL, security ninjas, and other security measures to make your info safer,” the co-founders wrote. “We've been humbled by this experience and know that nothing guarantees the security of internet-connected systems such as League of Legends. We can simply promise to try our very best to protect your data.”