League of Legends has been hacked, so now may be an excellent time to update your password.
Riot Games dropped the news today on the official League site, revealing that "a portion of" their North American account information has been compromised. What kind of info are we talking about here? Stuff like usernames, email addresses, salted password hashes, and some real names.
Needless to say, Riot is investigating these shenanigans. The company is currently combing through approximately 120,000 transaction records from 2011 that contains some of these salted password hashes. Apparently, the type of payment system involved with the security breach hasn't been used since July 2011, and "this type of payment card information" hasn't been collected by Riot's systems since then.
What that basically means is that only some players may be affected, and Riot will be notifying them via email.
No doubt many of you have already paused in the middle of reading to change your passwords. As for everyone else, you'll have to come up with a new one anyway, because Riot is requiring all North American players to change their passwords within the next 24 hours. The prompt should come up whenever you try to log into the game.
Alternatively, you can be proactive and change it now. While Riot did point out that only "easily guessable" passwords are at risk, it's better to be safe than sorry.
On top of the mandatory password change, Riot is currently developing a couple of new security features for League of Legends:
- Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
- Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
Dang hackers. Here's hoping no one was or will be harmed by all of this.