Welcome to the Forum Archive!

Years of conversation fill a tonne of digital pages, and we've kept all of it accessible to browse or copy over. Whether you're looking for reveal articles for older champions, or the first time that Rammus rolled into an "OK" thread, or anything in between, you can find it here. When you're finished, check out Boards to join in the latest League of Legends discussions.

GO TO BOARDS


League of Legends Account Security Alert

Comment below rating threshold, click here to show it.

CynicalEffect

Senior Member

06-08-2012

Good that you're taking it seriously.

Bad that all the bad stuff happens to the EU servers. T_T


Comment below rating threshold, click here to show it.

MikeWhelan2

Junior Member

06-08-2012

Why hasnt the Rune page price change topic had a red post yet? offtopic i know


Comment below rating threshold, click here to show it.

Draker88

Recruiter

06-08-2012

Thanks riot for telling us the situation.
I'm honestly worried, in part this is "unacceptable" just because, they got informations about our emails and passwords. It is kinda frustrating to change EVERY single password, some of us most probably had subscribed to many things in the previous years.. I'm happy that you let us know at least. Just work to improve the service if it's possible, i've been playing league for a while now and i don't really want to think that im going to be hacked soon.
Hope something will be done for us, that's a bad news.. So sad.


Comment below rating threshold, click here to show it.

Gnubbles

Senior Member

06-08-2012

As a web developer I have to ask the question:

Why don't you use E-Mail token confirmation for changing passwords and E-Mail address?

This in itself is a fundamental flaw with your system, it should take no longer than 2-3 hours create this system for scratch, I've done it for many companies that earn nothing compared to you, it's such a simple addition that gives a huge boost to yours and our security.

I understand this likely has nothing to do with the cause of the security breach, I understand there are flaws and oversights in your current system that will unavoidably pop up and need to be dealt with, I ask this question as it's one of the things that really bugs me about this game, I don't even get so much as a notification E-Mail telling me of a password update.


Comment below rating threshold, click here to show it.

Rerdan

Senior Member

06-08-2012

Quote:
Gnubbles:
As a web developer I have to ask the question:

Why don't you use E-Mail token confirmation for changing passwords and E-Mail address?

This in itself is a fundamental flaw with your system, it should take no longer than 2-3 hours create this system for scratch, I've done it for many companies that earn nothing compared to you, it's such a simple addition that gives a huge boost to yours and our security.

I understand this likely has nothing to do with the cause of the security breach, I understand there are flaws and oversights in your current system that will unavoidably pop up and need to be dealt with, I ask this question as it's one of the things that really bugs me about this game, I don't even get so much as a notification E-Mail telling me of a password update.


You do make a good point there, good Sir.

I've just changed my e-mail associated to my account to the same e-mail just to check if it's correct and I've received no notification also. Which means I'm not even sure if (for instance) I mistyped the e-mail, or something.

Yup, that should be implemented.


Comment below rating threshold, click here to show it.

Folti Vitriolic

Junior Member

06-08-2012

I've got an emergency! a friend pleased me to write this: please check supportticket #2397490 ,since his account got hacked plz!


Comment below rating threshold, click here to show it.

AcidPT

Senior Member

06-08-2012

Well i didn't received email but i still changed my password


Comment below rating threshold, click here to show it.

Keywolf

Junior Member

06-08-2012

Oh my Gmail had someone access it from Brazil, great! Time to go change some passwords and go do all the security stuff I tell other people to do -.-


Comment below rating threshold, click here to show it.

X Estarion X

Senior Member

06-08-2012

Quote:
Keeping player information secure is very important to Riot


Yet you don't employ people who will show you how and where they can find loopholes in your security system so this won't happen.

They stress it is VERY important to them, obviously not, also they can't crack 128 bit encryption without the encryption key, they would have to use encryption that is vunerable to a 'Brute Force' attack something like 16 bit encryiption that they hadn't updated as League Of Legends has grown as a game ...
**** it, if it's really that important put a 2048 Bit encryption on it, I don't care just this **** is broken, fair enough if you have a Darius that can steal every kill in the game, I can deal with that Fine. But this ... What if it was our billing information ?
Unless your actually lying about the passwords being encrypted, it's just simple stuff that you havn't done, as well as the comment about email verification to change your passwords, I have never seen a big company not use this, but yours doesn't.

So just as a summery, if you haven't been fixing Evelynn and you have not been updating your security systems, just what the **** have you been doing ?


Comment below rating threshold, click here to show it.

GGoDeath

Recruiter

06-08-2012

not thilled about this, i got one of them emails, i suppose you guys didnt do anything wrong, and theft is theft, grumble grumble...