European League of Legends game players have their account data compromised

League of Legends developer notifies users that hackers have breached its European databases

Hackers have stolen account data from the European servers of popular real-time strategy game League of Legends (LoL), the game's developer, Riot Games, announced on Saturday.

According to figures published by Riot in November 2011, there are over 32 million registered accounts on the three LoL servers: North America, EU West (EUW) and EU Nordic & East (EUNE).

"Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases," Riot Games founders Marc Merrill and Brandon Beck wrote in a blog post on Saturday.

The compromised account data included email addresses, encrypted passwords, player names and dates of birth. No payment or billing information was exposed as a result of this security breach, Merrill and Beck said.

For a small number of players, their first and last names, as well as their encrypted security questions and answers, were also compromised. However, security questions and answers are no longer used in LoL's account recovery process, the Riot co-founders said.

Not all EUW and EUNE accounts were affected, but the company decided to notify all players using those servers via email as a precaution.

Riot did not specify when or how the breach occurred, citing an ongoing investigation performed by outside security experts and law enforcement authorities. However, its notification was otherwise frank and helpful, said Paul Ducklin, the head of technology for the Asia Pacific region at antivirus vendor Sophos.

Unlike other companies that suffered data breaches in the past, Riot published a short analysis of the compromised passwords. "Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking," Merrill and Beck said.

Furthermore, a double-digit percentage of individuals used the same password as other users and 11 particular passwords were shared by over 10,000 players each, the Riot co-founders said.

"What this almost certainly means is that the security investigators set about cracking the password database themselves -- with suitable authorisation, of course -- as a way of judging what sort of advice to give," Ducklin said. "If they could quickly recover half the passwords, so could a hacker."

Affected users were advised to change their passwords on the LoL website, as well as on any other website where they might have used them. Passwords should be unique for every important account, they should consist of 8 or more characters and should be a mix of letters, numbers, and special characters, Merrill and Beck said.

Users were also warned to be on the lookout for possible phishing emails claiming to originate from Riot and seeking more information. Such emails are a common occurrence following data breach incidents.

The League of Legends data breach notification follows similar announcements from LinkedIn, eHarmony and Last.fm, which alerted their users last week that their account passwords might have been compromised.

It is very important for users to limit the impact of such security breaches by using unique passwords for every online account. There are free password management applications that simplify the task of working with multiple passwords.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?