A recent slew of security failures have left countless accounts hacked at sites like Linkedin and eHarmoney. Now League of Legends is the latest database to suffer from hackers this week.
Riot has sent out a mail to registered League of Legends players in Europe, asking them to change their passwords due to a hackers accessing some player account information. Full details are below, but know that according to Riot,” absolutely no payment or billing information of any kind was included in the breach.” but email addresses, encrypted account password, summoner name, date of birth, and for a small number of players – first and last name and encrypted security question and answer.
Obviously, this information could be used in phishing scams. Riot Games does encrypt passwords through it warns “our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking”. Marc Merrill and Brandon Beck posted an update on the situation, as well as a formal apology which you can read below.
As these things go, Riot appears to be handling this embarrassing situation relatively well. There's no info yet on exactly when the breach took place.
Finally, Riot's Marc Merrill Brandon Beck have apologised to players for the breach, saying "We take your privacy and security seriously, and we're working diligently to improve it for the better."