Riot games - Popular multiplayer online games and League of Legends publisher has admitted that a portion of its North American user base, has had their account details exposed in what we can presume was some sort of hack. The company wrote in a blog post.
The security of your information is critically important to us, so we’re really sorry to share that a portion of our North American account information was recently compromised.
What we know: usernames, email addresses,salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
We’re sincerely sorry about this situation. We apologize for the inconvenience and will continue to focus on account security going forward.
The compromised information consists of names, usernames, email addresses, and salted password hashes. While the passwords are encrypted, the company warns that they can be cracked, especially in the case of players who have weak passwords.
Players with accounts in North America are required to change their passwords in order to prevent account theft. In addition to getting all users to change their passwords, they are planning to move ahead with several other security updates. Said Riot,
“Additionally, new security features that are currently in development include:
Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.”