Riot games hacked, no indication of personal data stolen

[marksti64]

Content source

https://sg.news.yahoo.com/riot-games-hacked-league-of-legends-valorant-and-other-titles-affected-102120358.html

It’s been a rough start of the year so far for Riot Games, the developer of popular titles such as League of Legends (LoL), League of Legends: Wild Rift, VALORANT, Teamfight Tactics (TFT), and Legends of Runeterra.
A week after the huge controversy around LoL’s season-opening cinematic, the gaming company announced on Saturday (21 January) that their ‘development environment had been compromised via social engineering attack’.
Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.
Riot said in the tweet that there was 'no indication' that layer information such as passwords, user names, and personal information that taken.
However, since it was the development environment that had been hacked, this may affect upcoming patch releases across Riot’s titles such as LoL, VALORANT, and TFT.
The first game to be affected is LoL’s scheduled patch 13.2 release on Thursday (26 January), which may also be delayed. This patch includes the long-awaited Ahri art and sustainability update (ASU) and the Lunar New Year skins. Ahri’s ASU may be delayed to Patch 13.3, scheduled on 8 February.
The League team also said in a tweet that the incident “may impact our delivery date for Patch 13.2”. However, they promised their players that the team was “working to stretch the limits of what we can hotfix,” so that the important tested balance changes can still be rolled out.

Riot games have also made a tweet and said that they will keep us up-to-date.

 

[plat]

By report, Riot Games refuses to pay the ransom. Bleeping Computer says the ransom amount is 10 million US dollars.

Riot Games receives ransom demand from hackers, refuses to pay

Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code in last week's security breach.

www.bleepingcomputer.com

 

[marksti64]

As promised, we wanted to update you on the status of last week’s cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.

Today, we received a ransom email. Needless to say, we won’t pay. While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.

Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.

The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released.

Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it.

We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again.

We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward. The League and TFT teams will update you soon on what this means for each game.

 

[marksti64]

Directory listing of some of the exfiltrated data posted by vx-underground:

 

[Zero Knowledge]

Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it.

OK. I don't think a game company getting hacked and losing its source code is a high priority for the powers that be.

 

[plat]

vx-underground claims he was in contact with the hacker of Riot Games and something called "Packman" anticheat for both Valorant and League of Legends was likewise stolen.

Spoiler

Update:
Acc. to vx-underground, the hacker disclosed additional details. Of interest: no malware was utilized in the attack--just social engineering involving an employee there.

Spoiler

 

[Zero Knowledge]

vx-underground claims he was in contact with the hacker of Riot Games and something called "Packman" anticheat for both Valorant and League of Legends was likewise stolen.

Maybe I was a bit too quick to dismiss this hack. I didn't realize they are trying to extort $10 million from Riot. That's not acceptable and should not be tolerated. But on the other hand, to get your whole source code stolen + your anti-cheat is pretty bad, mistakes/hacks happen but those are the crown jewels.