League of Legends players are, unfortunately, being warned of a security breach that took place in recent times, resulting in the theft of some user data, with some affected payers receiving notifications depending on how they were affected. The security breach has prompted the implementation of some new security features that are now in development.
According to the announcement, the company is currently aware of a security breach that resulted in some usernames, email addresses, first names and last names, and salted password hashes all being accessed. Because the passwords were encrypted, the thief/thieves will not be able to use them to access accounts, but could use the other information stolen to breach accounts with easy-to-guess passwords.
Beyond that, the company says it is also checking through about 120,000 transaction records dated in 2011 that were accessed in the breach. These transaction records contained hashed and salted credit card numbers, and were part of a system that it says has not been used since 2011, when the records were produced. Those affected by this will be notified by the company.
The breach effected players located only in North America, all of whom will be required to change their passwords in the next 24 or so hours – with the requirement being more complex passwords that aren’t too simple to guess. The requirement will follow an automatic prompt that appears when a player tries to log in, but gamers can get a jump on this by changing the password on their own now.
As mentioned, this breach has spawned new security measures, two of which are currently being developed: email verification and two-factor authentication. The email verification will require registration and account changes to be made by verifying a valid email address, while two-factor authentication will need to be verified using a text message or email.
SOURCE: League of Legends