League of Legends account, old financial info hacked
Update your password
League of Legends got backdoored. Riot Games sent out an update to North American players today warning that the online game's account information including encrypted credit card numbers and passwords may have been illegally accessed.
About 120,000 transaction records from 2011 containing hashed and salted credit card information were compromised. Your info is only at risk if you made purchases through the system before July of that year, though it should be difficult if not impossible to decrypt. Riot said it plans to notify affected players by email and take appropriate action to safeguard them.
Aside from the older system, current account information including usernames, email addresses, encrypted passwords, and even some first and last names were accessed. Players with easy-to-guess passwords (that's you, passw0rd and abcd1234) are still vulnerable to brute-force guesses. With that in mind, all North American players must reset their passwords within the next 24 hours.
Riot said it is working on email verification and two-factor authentication, both industry standard security features, for future implementation.
Sign up to the GamesRadar+ Newsletter
Weekly digests, tales from the communities you love, and more
I got a BA in journalism from Central Michigan University - though the best education I received there was from CM Life, its student-run newspaper. Long before that, I started pursuing my degree in video games by bugging my older brother to let me play Zelda on the Super Nintendo. I've previously been a news intern for GameSpot, a news writer for CVG, and now I'm a staff writer here at GamesRadar.