Riot games has confirmed the League of Legends servers were hacked, exposing the account data of some of its North American customers.
The security breach shows that even the heavy hitters in the games-as-service space like Riot are vulnerable to attacks, and that it’s important to be prepared for what these days amounts to an inevitability.
League of Legends is one of the most played games on the planet, boasting millions of users worldwide, but the attacks are said to have targeted North American account information.
“What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed,” the announcement read.
“This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.”
In addition, 120,000 transaction records may have been obtained including hashed and salted credit card numbers – a possibility the company is investigating.
The exploit took advantage of an older portion of Riot’s system that stored transactions from before to a 2011 update.
While the gap is being plugged, Riot recommended its users change their passwords to ensure their account information isn’t compromised.
The team is currently working on a number of new security features, including Email verification, and two-factor authentication.