League of Legends got backdoored. Riot Games sent out an update to North American players today warning that the online game's account information including encrypted credit card numbers and passwords may have been illegally accessed.
About 120,000 transaction records from 2011 containing hashed and salted credit card information were compromised. Your info is only at risk if you made purchases through the system before July of that year, though it should be difficult if not impossible to decrypt. Riot said it plans to notify affected players by email and take appropriate action to safeguard them.
Aside from the older system, current account information including usernames, email addresses, encrypted passwords, and even some first and last names were accessed. Players with easy-to-guess passwords (that's you, passw0rd and abcd1234) are still vulnerable to brute-force guesses. With that in mind, all North American players must reset their passwords within the next 24 hours.
Riot said it is working on email verification and two-factor authentication, both industry standard security features, for future implementation.
Log in using Facebook to share comments, games, status update and other activity easily with your Facebook feed.