A hacker in Australia managed to make over $1,000 a day from accounts he stole from League of Legends databases.
With popularity comes potential vulnerability, as Riot Games continues to learn. In 2011 Riot Games’s European server suffered a cyber attack where hackers made off with over 120,000 transaction records. Flash-forward to 2013 where another security breach occurred, this time on Riot’s North American servers.
It looks like one person, Shane Duffy, was responsible for both intrusions.
Duffy, who went by the alias “Jason,” was able to gain access to over 24.5 million accounts after obtaining password information through a brute-force attack on a senior member working at Riot. He first started using the information he gained from his hacks by kicking top players from the game like James “Phantoml0rd” Varga during one of his Twitch streams. He even transferred Phantoml0rd’s account to Brazil so Varga’s games would lag.
Duffy continued to have fun with other players, going on streams and threatening to reveal people’s personal information while also stating “I am God, Jason.” He gained admin access to the League of Legends forums and edited moderators’ posts to confuse the community. Duffy even managed to log into Riot President Marc Merrill’s Twitter account one day to leak internal information on an unreleased game he found during his hacks.
He was arrested in March 2014 by the Australian Cybercrime Unit. Before his arrest, he would sell legacy skins that were discontinued–but he obtained illegally–for $200 to $800 each. After he was let out on bail, he created a website called LoLip-op.com where people could pay to kick any one of those 24.5 million accounts and even setup DDoS attacks on players to help the buyer win matches. The site netted Duffy $1,000 or more a day. He was arrested again soon after and the police managed to seize $110,000 of Bitcoin from his records.
Shane Duffy is 21-years-old and has been homeschooled since fourth grade because according to his mother “the education system did not want him” due to his Asperger condition. He allegedly worked with a group of hackers who are still unknown, and he says they’re responsible for other hacks like ones on Neopets and the Curse Network forums. He’s been charged with three counts of computer hacking and misuse as well as several counts of fraud. He will have his day in court on July 24th.