League of Legends EU accounts hacked

Hackers have gained access to certain personal League of Legends player data contained in certain EU West and EU Nordic & East databases, Riot Games has announced.

Riot adds that the “most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer”.

No payment or billing information of any kind was included in the breach.

However, Riot warns that even though passwords were stores in encrypted form, its security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking. All potentially affected players are advised to change their passwords.

• Please immediately change your account password by visiting the account management page at https://euw.leagueoflegends.com/account, then clicking “change password.” If you use the same password for accounts on other services, you should change those passwords as well.
• Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person. We encourage you to:–Keep it unique — use a different password for each important account–Make it long — at least 8 characters –Mix it up — use letters, numbers, and special characters
• Hackers often send phishing emails to addresses that are captured in data thefts, so please be extra vigilant about emails containing attachments or links.

“Brandon and I want to sincerely and personally apologise to you for this situation,” concluded a post by Mark Merrill and Brandon Beck on the League of Legends website. “We take your privacy and security seriously, and we’re working diligently to improve it for the better.”