Hacker Seeks Ransom Payments After Acquiring Source Code From Riot Games League of Legends, Teamfight Tacticsand the company’s “legacy anti-cheat platform,” a company spokesperson said on Twitter. Riot Games refused to pay after the systems were compromised in a social engineering scam.
The company has stopped posting content for League of Legends and Teamfight Tactics while the teams worked to secure the system. Riot Games expects a patch to be implemented later this week, in which patch updates will then resume. Both Teamfight Tactics and League of Legends will get patches to apply some expected changes, but other major tweaks will have to wait – for Teamfight Tactics and League of Legendslarge items are moved to the February 8 patches.
As promised, we wanted to update you on the status of last week’s cyberattack. Over the weekend, our analysis confirmed that source code for League, TFT, and a legacy anti-cheat platform had been exfiltrated by attackers.
– Riot Games (@riotgames) January 24, 2023
No player data or personal information was compromised in the attack, according to Riot Games. The source code for each of the games, however, includes “experimental” features that the company was not prepared to share – prototype work with no guarantee of release.
The other major concern with stolen source code is the likelihood of new cheats, Riot Games said. “Since the attack, we have been working to assess its impact on anticheat and be ready to deploy fixes as quickly as possible if necessary,” he tweeted. The company is working with its security team, consultants and law enforcement to investigate the attack and its perpetrators.
Riot Games declined to comment further on the attack, but noted that the company intends to release a full report that details “attackers’ techniques, areas where Riot’s security checks failed, and steps.” [it’s] take to make sure it doesn’t happen again. Social engineering scams are designed to target people – in this case, people with access to Riot Games systems. They exploit human error, such as sending fake emails designed to trick someone into sharing information or installing malware. Social engineering hacks are a common tactic; they led to Rockstar Games’ Grand Automatic Flight 6 leaked last year.
Riot Games has also targeted social engineering scammers in the past. In December 2021, he filed a complaint against a network of scammers targeting job seekers – specifically, people who wanted to get into the video game industry. The scammers, in this case, posted fake job offers, arranged fake interviews, and ultimately stole money from the victims. This lawsuit was dismissed in 2022.