Riot Games has issued an announcement concerning the security of League of Legend account holders in North America. Their databases housing personal account information has been accessed and as a countermeasure they are requiring that all North American accounts changing their password to a stronger one that would be “much harder to guess”. So far, here is what could have been accessed:
- Email Addresses
- Some First and Last names
- Salted password hashes
The good news is that your passwords are extremely secure since Riot Games is following good security practices with your passwords unlike some other notable companies that store them in clear text ~cough~ Sony ~cough~.
The investigation is still ongoing at the moment and includes sifting through around 120,000 credit card transaction from back in 2011 that used salted and hashed credit card numbers. Riot is on the case and seems to be taking a stronger look at their security measures by introducing two new security features.
Additionally, new security features that are currently in development include:
- Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
- Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
We suggested that you all update your passwords as well and maintain good security practices such as not sharing account info, using strong passwords with a mix of letters, numbers, and special characters, and avoiding sites that might house malicious software.