European League of Legends game players have their account data compromised

League of Legends developer notifies users that hackers have breached its European databases

Hackers have stolen account data from the European servers of popular real-time strategy game League of Legends (LoL), the game's developer, Riot Games, announced on Saturday.

According to figures published by Riot in November 2011, there are over 32 million registered accounts on the three LoL servers: North America, EU West (EUW) and EU Nordic & East (EUNE).

"Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases," Riot Games founders Marc Merrill and Brandon Beck wrote in a blog post on Saturday.

The compromised account data included email addresses, encrypted passwords, player names and dates of birth. No payment or billing information was exposed as a result of this security breach, Merrill and Beck said.

For a small number of players, their first and last names, as well as their encrypted security questions and answers, were also compromised. However, security questions and answers are no longer used in LoL's account recovery process, the Riot co-founders said.

Not all EUW and EUNE accounts were affected, but the company decided to notify all players using those servers via email as a precaution.

Riot did not specify when or how the breach occurred, citing an ongoing investigation performed by outside security experts and law enforcement authorities. However, its notification was otherwise frank and helpful, said Paul Ducklin, the head of technology for the Asia Pacific region at antivirus vendor Sophos.

Unlike other companies that suffered data breaches in the past, Riot published a short analysis of the compromised passwords. "Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking," Merrill and Beck said.

Furthermore, a double-digit percentage of individuals used the same password as other users and 11 particular passwords were shared by over 10,000 players each, the Riot co-founders said.

"What this almost certainly means is that the security investigators set about cracking the password database themselves -- with suitable authorisation, of course -- as a way of judging what sort of advice to give," Ducklin said. "If they could quickly recover half the passwords, so could a hacker."

Affected users were advised to change their passwords on the LoL website, as well as on any other website where they might have used them. Passwords should be unique for every important account, they should consist of 8 or more characters and should be a mix of letters, numbers, and special characters, Merrill and Beck said.

Users were also warned to be on the lookout for possible phishing emails claiming to originate from Riot and seeking more information. Such emails are a common occurrence following data breach incidents.

The League of Legends data breach notification follows similar announcements from LinkedIn, eHarmony and Last.fm, which alerted their users last week that their account passwords might have been compromised.

It is very important for users to limit the impact of such security breaches by using unique passwords for every online account. There are free password management applications that simplify the task of working with multiple passwords.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?