Hackers has managed to hack their way into
RIOT's most secret areas, and have managed to extract personal information of lots of summoners.
Data like personal passwords, birthdates and email is what the hackers has gotten away with. The amount of accounts affected is not disclosed at this time, and no credit card info has been obtained.
Below you can find the statement from
RIOT:
Keeping player information secure is very important to Riot. That's why we're sorry to share that hackers accessed some player account information.
Scope
After a thorough and urgent investigation with help from independent security experts, we have determined:
Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases ; as a security precaution, we're emailing all players on these platforms
The most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer. (Note: Security question and answer are no longer used in our account recovery process.)
Absolutely no payment or billing information of any kind was included in the breach
Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking.
Our actions:
We've fixed the specific security issue that hackers exploited.
Over the next 24 hours, we'll be notifying all EUW and EUNE players via email; although only a portion of players might have been affected, we consider broader notification a good security precaution.
We'll be updating this post with the latest on this situation and will monitor comments here for questions that require further clarification.
Our investigation into this issue is ongoing – we've hired experts and are working with the relevant authorities to more thoroughly understand causes, culprits, and preventative measures to make future breaches less likely.
We've redirected teams to quickly implement new security measures that will help improve the safety of your data.
We'll continue to invest in security measures, including password hashing and data encryption, state-of-the-art firewalls, SSL, security ninjas, and other security measures to make your info safer. We've been humbled by this experience and know that nothing guarantees the security of Internet-connected systems such as League of Legends. We can simply promise to try our very best to protect your data.
Please change your passwords
Please immediately change your account password by visiting the account management page, then clicking "change password." If you use the same password for accounts on other services, you should change those passwords as well.
Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person. We encourage you to:
-Keep it unique -- use a different password for each important account
-Make it long -- at least 8 characters
-Mix it up -- use letters, numbers, and special characters
Hackers often send phishing emails to addresses that are captured in data thefts, so please be extra vigilant about emails containing attachments or links.
We're sorry
Brandon and I want to sincerely and personally apologize to you for this situation. We take your privacy and security seriously, and we're working diligently to improve it for the better.
Thank you,
Marc Merrill
Brandon Beck
HakThor (Viol Porn Chaos  ) 14 Jun 2012 04:03 | |
MadUSA wrote:
HakThor wrote:
Yeah, i was one of them i received a few pms from a few admins and they reseted my password also without asking them to do so.
And no i did not open any link or any page or anything else.. How they hacked me was from forum where they took my name.
Any info you could share in regard to this would also be beneficial for other players here on CB
Well i didn't do much, I knew someone was been on my account for several times. All the ip's came from german dutch and lux players who we're on my account.
My account is well old, since beta which contains a few privileges, don't know if that was the reason, besides that im not a high ELO players, just a regular player and regular rankeds games.
But in any case if some of you were hacked. And are no more able to connect or login. Creat a new acc under the same email. Yes you can create more than a acc with the same email, at least i can or could. Go on forums and contact a head admin add him send him a pm and he will redirect you and tell you what to do or he himself will. Questions will be ask, much likely the same like here "CB" when someone takes over your/our account.
That's it, pretty much the same. They simple reseted my pw acc. |
| MadUSA (*CB*) 12 Jun 2012 20:44 | |
HakThor wrote:
Yeah, i was one of them i received a few pms from a few admins and they reseted my password also without asking them to do so.
And no i did not open any link or any page or anything else.. How they hacked me was from forum where they took my name.
Any info you could share in regard to this would also be beneficial for other players here on CB |
| HakThor (Viol Porn Chaos ) 12 Jun 2012 17:52 | |
Yeah, i was one of them i received a few pms from a few admins and they reseted my password also without asking them to do so.
And no i did not open any link or any page or anything else.. How they hacked me was from forum where they took my name. |
|ntruder ([(-E-)]  ) 12 Jun 2012 16:34 | |
haha  |
Vö|canic  (CB) 12 Jun 2012 08:55 | |
Changed my pass.
Thankyou |
EuroCup XXVII
Illoginja
South Africa
6 Months: €5.99