All North American League of Legends players will be prompted to change their passwords.
Just a heads up that Riot Games has reported that a portion of North American League of Legends account information was recently compromised. Usernames, email addresses, salted password hashes, and some first and last names were accessed. Riot claims that “salted password hashes” are unreadable, but players with easily-guessed passwords may have their accounts compromised. As a precaution, all North American players will soon be prompted to reset their passwords.
Additionally, Riot is investigating a theft of approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers. Again, Riot assures us that salted credit card numbers are “unreadable”, that the payment system involved with these records hasn’t been used since July of 2011, and that this type of payment card information hasn’t been collected in any Riot systems since then.
Riot says it is taking the necessary steps to notify and safeguard affected players, but it wouldn’t hurt to keep an eye on your credit card transactions in the near future if you have ever bought Riot Points from the League of Legends store.
As well as being prompted to change your password by Riot e-mail, you can manually do it yourself by clicking this link. Riot tells us that it is working on some additional security features to make sure this doesn’t happen again, such as e-mail verification for account changes, and mobile SMS authentication.
“We’re sincerely sorry about this situation. We apologize for the inconvenience and will continue to focus on account security going forward,” said Riot Games’ Marc Merrill and Brandon Beck.
Source: Riot Games