‘League of Legends’ source code was stolen during security breach, refuse to pay ‘ransom’

On January 20, Riot Games suffered a social engineering hit that compromised its workspace, affecting the developer part of the company above all. Yesterday we wrote about this attack and what Riot reported on the networks, but today they confirmed that this breach was such that the source code of ‘League of Legends’‘Teamfight Tactics’ and one of their anti-cheat platforms was captured.

Well they let it see through the official page from Riot’s Twitter, where in a thread as a complement to their previous statements in which they revealed the scope of the attack.

As promised, we wanted to update you on the status of last week’s cyberattack. Over the weekend, our analysis confirmed that the attackers extracted the source code for ‘League of Legends’, ‘TFT’ and a legacy anti-cheat platform.

They also mention that today they received a ransom mail to recover those codes, something that Riot itself says they will not do. To assuage concerns a bit, they say again (as they did in their previous tweets) that there are no indications that users’ private information was compromised.

Also, the source code leak looks like it could unleash a new wave of cheating and cheats, which could affect the gaming experience for legitimate users.

Today, we received a ransom email. Needless to say, we won’t pay. While this attack disrupted our development environment and could cause problems in the future, most importantly, we are confident that no player data or personal information was compromised.

Truth be told, any source code exposure can increase the likelihood of new cheats popping up. Since the attack, we have been working to assess its impact on anti-cheat and be prepared to implement fixes as quickly as possible if necessary.

Continuing with the transparency that they want to show given this event, another problem that could be triggered is the leak or corruption of parts of the code that contain Experimental features for ‘LoL’ and ‘TFT’. These may never come out officially, but the latent danger of them being published by outsiders is present and they could be used in negative ways.

They close the thread anticipating that in the future will publish in detail how the attack occurred and the techniques implemented to achieve it. Despite the gray outlook, Riot Games remains positive, stating that they have made great progress since last week and that by the end of this week they hope to have much of the problem fixed.

We are committed to transparency and will publish a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we are taking to ensure this does not happen again.

We’ve made a lot of progress since last week, and we think we’ll fix things later in the week, allowing us to stay at our regular patch cadence going forward. The ‘League of Legends’ and ‘TFT’ teams will update soon on what this means for each game.

three wounded giants

This is not the first time that a title as important as ‘League of Legends’ has been compromised, as two major installments have suffered a similar attack in the last year. Perhaps the most notorious of all was what he suffered Rockstar Games, as content from ‘Grand Theft Auto VI’ was leaked, a title that could easily be the most anticipated of all future projects of the gaming.

Besides, the most scandalous It could be what happened to Guerrilla Games, who saw how not only the source code of ‘Horizon Forbidden West’ was leaked, but also a large part of Decima, the studio’s graphics engine.

Now it’s Riot’s turn and they’re going three big-name deliveries that have been breached in less than six months. We will have to wait to hear what the developer has to say, for now, it seems that they have the fire under control but still burning.