League of Legends source code hacked, Riot refuses to pay extortion
On Tuesday, Riot Games announced that the source code for both League of Legends and Team fight tactics was stolen and that it would not pay the ransom demanded by hackers to get it back. It is the latest in a series of data breaches at major gaming companies, and means both games could become increasingly vulnerable to cheaters in the coming months.
“Over the weekend, our analysis confirmed that the source code for League, TFT and an older anticheat platform were exfiltrated by the attackers,” Riot Games tweeted. “Today we received a ransom email. Needless to say, we are not paying.”
Riot Games revealed late last week that their systems had been “compromised” by a social engineering attack. Although no player data or personal information had been taken, the company said the attack would slow down the release of upcoming patches for some of its games.
Today we received a ransom email. Needless to say, we don’t pay.
While this attack disrupted our build environment and may cause problems in the future, it is most important that we remain confident that no player data or player personal information was compromised.
— Riot Games (@riotgames) 24 January 2023
As of today, the company has not confirmed the exact methods the alleged attackers used to steal the source code for one of the most popular multiplayer games in the world, although “social engineering” could point to an employee accidentally handing over login information to a stranger via a phishing scheme on another platform.
This is how a hacker drained hundreds of millions in cryptocurrency from the NFT game Axie Infinity last year. The recent hack by Rockstar Games led to an unprecedented leak of underdevelopment Grand Theft Auto VI Materials are also rumored to have come about in a similar way, with the alleged hacker possibly infiltrating the company via a Slack login. Regardless of the methods, ransomware hacks are clearly on the rise. Cyberpunk 2077 producer CD Projekt Red, and Fire Ring publisher Bandai Namco, are just some of the other big name game companies hacked in recent years.
A Riot Games spokesperson declined to comment further, but said the company will publish a full review of the breach in the future, including the attack vectors used by the hackers.
“Since the attack, we have been working to assess the impact on anticheat and to be prepared to deploy fixes as quickly as possible if necessary,” Riot Games continued in its tweet thread today. But the company revealed that the stolen builds also contained secret experimental new features for League of Legends and Team fight tacticsmaking it likely that they could leak ahead of any official announcement.
“While we hope some of these game modes and other changes will eventually make their way to players, most of this content is in prototype and there is no guarantee that it will ever be released,” Riot Games wrote.
The company also said that it is currently working with law enforcement in the investigation of the hack and that it expects to have its systems fully restored by the end of the week, when game updates can begin to resume as normal. Riot Games was one of a number of gaming and technology companies to cut jobs last week, laying off close to 50 employees.