San José, Jan 26 (elmundo.cr) – The video game company Riot Games officially announced on January 20 that it suffered a security incident.
In this regard, the creators of games such as League of Legends, Valorant or Teamficht Tactics explained through their Twitter account that the attackers managed to access their development environment through a social engineering attack.
“So far there are no indications that those responsible for the attack have had access to player data or personal information,” they explained.
It should be noted that “they are currently investigating what happened in search of answers, but so far there is no evidence that they have accessed personal information of the players.”
“We do not have all the answers at this time, but we wanted to let you know that there is no indication that they have obtained player data or personal information,” the company said.
“Unfortunately, the incident will temporarily affect the release of updates in several of your games until the team finishes working on resolving the issue. The fans waited for the next January 25 release of update 13.2 in League of Legends. From the official game account at Twitter They assure that they are working to try to release as many of the planned changes by that date, although some changes such as the Ahri visual update (ASU) will have to wait for the 13.3 update, scheduled for February 8, “they indicated.
For his part, the head of League Studio, Andrei van Roon, responded via Twitter a comment and assured that none of the planned changes will be cancelled.
From ESET they warned that “this incident suffered by Riot Games is a new case that adds to the list of attacks on video game companies, since they are a attractive target for cybercriminals. On several occasions, video game companies have suffered attacks in which attempts were made to insert backdoors into your development environment with the aim of distributing malware as part of legitimate software.”
«Cyberattacks targeting popular game developer companies and studios have increased significantly. In fact, during the COVID-19 pandemic, the video game industry saw an increase in cyberattacks like no other industry, according to a study conducted by Akamai. Criminals use different techniques (phishing, malware, attacks on web applications, brute force, etc.) to launch their attacks in search of stealing sensitive user information, compromising access accounts to platforms or to gain access to the systems of the companies. Directly or indirectly, the target of the attackers is economic», commented Camilo Gutiérrez Amaya, head of the ESET Latin America Laboratory.
In 2022 the video game company Ubisoft suffered a security incident It is believed to have been the work of the LAPSUS$ group. This same group would be responsible for the incident that affected another video game company in 2021 such as Electronic Arts (EA). In both cases, the attackers had access to the company’s personal information, such as the source code from FIFA 21.
In the attack on EA, the attackers accessed the systems by socially engineering a support employee who allowed them access to the network through slack.