Riot Games has issued a security update that applies to North American players of League of Legends. Account information -- including usernames, transaction records from 2011, and hashed and salted passwords and credit card numbers -- has been compromised. Here's the official line from the company:
"What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
"Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players."
Going forward, Riot will require new registrations and account changes to be associated with a valid email address; once introduced, this email requirement will also apply to existing League of Legends players. Two-factor authentication is also planned, meaning changes to your account email or password will need to be verified through email or SMS.
Get more destructoid: We're indie-run, blogging for the love of it, and our site will always be free. Optionally, you can support us and get: (1) Faster pages from our cloud server (3) Wide(r)screen (3) No big ads on Dtoid, Japanator, Tomopop, or Flixist (4) Auto contest entries, and (5) Dibs on betas & downloads. Try it out
Unsavory comments? Please report harassment, spam, and hate speech to our moderators, and flag the user (we will ban users dishing bad karma). Can't see comments? Apps like Avast or browser extensions can cause it. You can fix it by adding *.disqus.com to your whitelists.
destructoid's previous coverage: League of Legends