By Nathan Grayson on August 21st, 2013 at 8:00 am.
OK everyone, ready? Now breathe deep – fill your lungs with the thick, muggy air of anger surrounding your person – and siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiigh. Another week, another popular game got hacked. This time, it’s MOBA-kinda’s favorite largely benevolent emperor, League of Legends. You know the drill: change your various passwords and pay very close attention to your credit cards. The latter goes double here, because Riot’s confirmed that the hackers managed to make off with some old, thankfully encrypted credit card info. Better safe than sorry.
Riot made the announcement on its website, urging caution among North American players despite measures it previously took in order to safeguard against this kind of situation:
“What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.”
“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”
Salted password hashes sound delicious. I really felt compelled to point that out. You may now go back to PAAAAAAAAAANICKING and/or calmly throwing refrigerator magnets in a blender to come up with a new password.
You can change your password here, if you haven’t already. Meanwhile, Riot is also adding additional layers of security in the form of email verification for any account changes made and a two-factor authentication system that’ll seek verification from either email or text message.
For now, I suppose that’s that. Best of luck to all whose info got nabbed. Dear hackers, you are jerks. Stop putting your wormy little hands all over people’s stuff. Take up crocheting or something. And get your worm hands looked at. That is probably a very serious medical condition.