Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Hackers steal account data from League of Legends European server

League of Legends developer notifies users that hackers have breached its European databases

Article comments

Hackers have stolen account data from the European servers of popular real-time strategy game League of Legends (LoL), the game's developer, Riot Games, announced on Saturday.

According to figures published by Riot in November 2011, there are over 32 million registered accounts on the three LoL servers: North America, EU West (EUW) and EU Nordic & East (EUNE).

"Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases," Riot Games founders Marc Merrill and Brandon Beck wrote in a blog post on Saturday.

The compromised account data included email addresses, encrypted passwords, player names and dates of birth. No payment or billing information was exposed as a result of this security breach, Merrill and Beck said.

Half of passwords simple enough to crack 

For a small number of players, their first and last names, as well as their encrypted security questions and answers, were also compromised. However, security questions and answers are no longer used in LoL's account recovery process, the Riot co-founders said.

Not all EUW and EUNE accounts were affected, but the company decided to notify all players using those servers via email as a precaution.

Riot did not specify when or how the breach occurred, citing an ongoing investigation performed by outside security experts and law enforcement authorities. However, its notification was otherwise frank and helpful, said Paul Ducklin, the head of technology for the Asia Pacific region at antivirus vendor Sophos.

Unlike other companies that suffered data breaches in the past, Riot published a short analysis of the compromised passwords. "Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking," Merrill and Beck said.

Furthermore, a double-digit percentage of individuals used the same password as other users and 11 particular passwords were shared by over 10,000 players each, the Riot co-founders said.

"What this almost certainly means is that the security investigators set about cracking the password database themselves - with suitable authorisation, of course - as a way of judging what sort of advice to give," Ducklin said. "If they could quickly recover half the passwords, so could a hacker."

Look out for phishing emails 

Affected users were advised to change their passwords on the LoL website, as well as on any other website where they might have used them. Passwords should be unique for every important account, they should consist of 8 or more characters and should be a mix of letters, numbers, and special characters, Merrill and Beck said.

Users were also warned to be on the lookout for possible phishing emails claiming to originate from Riot and seeking more information. Such emails are a common occurrence following data breach incidents.

The League of Legends data breach notification follows similar announcements from LinkedIn, eHarmony and Last.fm, which alerted their users last week that their account passwords might have been compromised.

It is very important for users to limit the impact of such security breaches by using unique passwords for every online account. There are free password management applications that simplify the task of working with multiple passwords.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *