Riot Games confirmed that the source code of Leagle of legends and of Team Fight Tactics was stolen by cybercriminals, in addition to a legacy anti-tampering platform.
The attack was first reported on January 20, but this Tuesday, January 24, they delivered the details, which for the moment have not affected the personal data of registered users of the company’s video games.
The theft of this information was carried out through social engineering, as revealed Riot on their Twitter account and they are currently investigating to find solutions to the situation and clues that show the details of the cyberattack.
“We do not have all the answers at this time, but we wanted to let you know that there is no indication that they have obtained player data or personal information,” the company said.
Riot is the owner and developer of League of Legends, TFT, Valorant, Legends of Runeterra and Wild Riftthese last two games exclusive to mobile, so there is a lot of information that attackers can take.
At the moment the company confirmed that the situation will affect the release of update 13.2 that players were waiting for on January 25 in League of Legends.
The main objective of the company is to solve this incident to guarantee the safety of the players, since taking the source code of the games can generate a wide variety of problems.
“Any source code exposure may increase the likelihood of new hacks emerging. Since the attack, we have been working to assess its impact on the anticheat and be prepared to implement fixes as quickly as possible if necessary.
It is important to note that the source code includes experimental features that Riot is still being developed or that are just proposals, such as game modes or changes that may or may not reach users.
In the developer studio they assure that they are receiving help from authorities specializing in cybercrime and that they have advanced enough so that next week they can have news for players, such as the patches that were expected to be launched in LoL and TFT, since none of the changes that were prepared will be cancelled, according to the person in charge of League Studio, Andrei vanRoon.
This attack comes just hours after the start of the Latin American League of League of Legendswhich for now will not have any impact on its calendar and the tournament will start normally on January 24 from 5:00 p.m. in Colombia and 7:00 p.m. in Argentina.
Finally, Riot Games confirmed that by email they received blackmail for the attack. Although they did not give details of this communication from the criminals, they did affirm that they are not going to pay because “we feel confident that no details or personal information of the players has been compromised.”
ESETa cybersecurity company, warned about the increase in this type of cases in the gaming sector, since cybercriminals try to insert backdoors into their development environment with the aim of distributing malware as part of legitimate software.
“Cyberattacks targeting popular game developer companies and studios have increased significantly. Criminals use different techniques (phishing, malware, attacks on web applications, brute force, etc.) to launch their attacks in search of stealing sensitive user information, compromising access accounts to platforms or to gain access to the systems of the companies. Directly or indirectly, the objective of the attackers is economic”, he assures Camilo Gutierrez Amaya, Head of the ESET Latin America laboratory.
An example in 2022 was Ubisoft and in 2021 it was Electronic Arts. Both were attacked by the same group, who stole personal information by tricking employees using social engineering.