

League of Legends Account Security Alert


Tryndamere

President / Co-Founder


06-08-2012

Keeping player information secure is very important to Riot. That's why we're sorry to share that hackers accessed some player account information.

Scope

After a thorough and urgent investigation with help from independent security experts, we have determined:

  • Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases; as a security precaution, we're emailing all players on these platforms
  • The most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer. (Note: Security question and answer are no longer used in our account recovery process.)
  • Absolutely no payment or billing information of any kind was included in the breach

Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking.

Our actions:
  • We've fixed the specific security issue that hackers exploited.
  • Over the next 24 hours, we'll be notifying all EUW and EUNE players via email; although only a portion of players might have been affected, we consider broader notification a good security precaution.
  • We'll be updating this post with the latest on this situation and will monitor comments here for questions that require further clarification.
  • Our investigation into this issue is ongoing – we've hired experts and are working with the relevant authorities to more thoroughly understand causes, culprits, and preventative measures to make future breaches less likely.
  • We've redirected teams to quickly implement new security measures that will help improve the safety of your data.
  • We'll continue to invest in security measures, including password hashing and data encryption, state-of-the-art firewalls, SSL, security ninjas, and other security measures to make your info safer. We've been humbled by this experience and know that nothing guarantees the security of Internet-connected systems such as League of Legends. We can simply promise to try our very best to protect your data.

Please change your passwords
  • Please immediately change your account password by visiting the account management page at https://euw.leagueoflegends.com/account, then clicking "change password." If you use the same password for accounts on other services, you should change those passwords as well.
  • Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person. We encourage you to:
    - Keep it unique -- use a different password for each important account
    - Make it long -- at least 8 characters
    - Mix it up -- use letters, numbers, and special characters
  • Hackers often send phishing emails to addresses that are captured in data thefts, so please be extra vigilant about emails containing attachments or links.

We're sorry

Brandon and I want to sincerely and personally apologize to you for this situation. We take your privacy and security seriously, and we're working diligently to improve it for the better.

Thank you,

Marc Merrill
Brandon Beck
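
The post's finding that 11 passwords were each shared by over 10,000 players came from comparing stored hashes, which only works when equal passwords produce equal stored values. The following is an added example, not part of the original post and not Riot's code, contrasting that storage with a per-user salted scheme. SHA-256 and PBKDF2-HMAC-SHA256 are assumed stand-ins (the post does not name the scheme used), and the accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; not data from the breach.
ACCOUNTS = [
    ("alice", "123456"), ("bob", "123456"), ("carol", "password"),
    ("dave", "123456"), ("erin", "password"), ("frank", "Xk9!vR2#qLm7"),
]

def unsalted_store(accounts):
    """Store hash(password) only: equal passwords give equal records."""
    return {user: hashlib.sha256(pw.encode()).hexdigest()
            for user, pw in accounts}

def salted_store(accounts, iterations=100_000):
    """Store (salt, PBKDF2(password, salt)) with a fresh random salt per user."""
    store = {}
    for user, pw in accounts:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        store[user] = (salt, digest)
    return store

def shared_groups(store):
    """Sizes of groups of accounts whose stored value is byte-identical."""
    counts = Counter(store.values())
    return sorted((n for n in counts.values() if n > 1), reverse=True)

def verify(store, user, candidate, iterations=100_000):
    """Check a login attempt against a salted record in constant time."""
    salt, digest = store[user]
    test = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(test, digest)

if __name__ == "__main__":
    # Unsalted: reuse is visible from the stored values alone.
    print("unsalted shared groups:", shared_groups(unsalted_store(ACCOUNTS)))
    # Salted: no two records match, yet logins still verify.
    salted = salted_store(ACCOUNTS)
    print("salted shared groups:  ", shared_groups(salted))
    print("alice login ok:        ", verify(salted, "alice", "123456"))
```
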



Gragas is love

Senior Member

06-08-2012

I really hope that the number of people affected isn't that big, thanks for explaining what actions are being taken in order to avoid more cases in the future.
I wish you good luck with your investigation, and I hope you can improve the security measures. We live in a crazy world, that can strike us in the back when we least expect, all caution is never enough.



Tanuel Mategi

Senior Member

06-08-2012

Dear Riot,

You have proven to be worthy to get some respect from your community. It's very important to inform your players about the issue and I really want to thank you for this post!
Also a good idea to send the mails so everybody will know it.



Psyduckxoxo

Junior Member

06-08-2012

You have the guts to tell us



Riot Lomar

Legal Counsel

06-08-2012

We're actually in the process of sending e-mails out to all players on EUW and EUNE right now.

This is something we are taking incredibly seriously. We appreciate your support with this - and rest assured we're doing everything possible to ensure your sensitive information is secured.



Phrebbie

Senior Member

06-08-2012

Good job informing us.

Did it take you long to figure out the breach? How long were they able to get player info until you stopped them? This might give us an estimate how much they actually got. ^^

Just wondering if it's been going on for some time or just recently happened basically.

Thanks Riot.



Gragas is love

Senior Member

06-08-2012

Quote:
Riot Lomar:
We're actually in the process of sending e-mails out to all affected players right now.

This is something we are taking incredibly seriously. We appreciate your support with this - and rest assured we're doing everything possible to ensure your sensitive information is secured.


I didn't expect less than a very serious attitude from Riot regarding this problem. These kinds of problems can and already have destroyed some companies. I would hate to see anything happening to Riot Games, and League of Legends, and from a legal point of view, if the hackers gain access to bank account information, it could be very very bad.

Keep on working as much as you can to protect us and yourself from these problems.



M4dr4c

Member

06-08-2012

Personally I found this post really really scary. Not the part where you were hacked and my account stuff might be compromised but the following:
Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person.

I just can't believe ppl pick such bad passwords... That part scared me.



Riot Lomar

Legal Counsel

06-08-2012

There are more details forthcoming in the email to affected players - stay tuned.



Exacerberus

Senior Member

06-08-2012

Quote:
Riot Lomar:
There are more details forthcoming in the email to affected players - stay tuned.

Okay, ty, checking mail. Yet I'd like to know: do we have to change our passwords even if our account doesn't seem to be compromised I guess... ain't it?