One of the most-played games in the world recently suffered a security breach.

Developer Riot Games released a blog post yesterday that revealed hackers accessed sensitive information relating to its competitive multiplayer title League of Legends. Someone was able to access usernames, email addresses, passwords, and real names. The passwords are salted and hashed, which means they are unreadable, but Riot warns that the users with simple passwords are more vulnerable to account theft.

Riot also revealed that the cyber criminals were able to access up to 120,000 transaction records that contained encrypted credit card numbers.

“The payment system involved with these records hasn’t been used since July 2011, and this type of payment card information hasn’t been collected in any Riot systems since then,” Riot president Marc Merrill wrote in the blog. “We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing, and we will take all necessary steps to protect players.”


Three top investment pros open up about what it takes to get your video game funded.

Watch On Demand

We’ve contacted Riot, but the company isn’t divulging how this happened. A spokesperson would only tell GamesBeat that “some systems were compromised.”

To deal with future security issues, Riot plans to implement new password complexity requirements and two-factor authentication. Riot is also mandating a password reset for all of its North American users.

GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Learn More