- We now probably know the final runtime for ‘Avengers: Endgame’ Monday 11:06 PM
- Cardi B says she drugged, robbed men in her past on Instagram Live Monday 8:03 PM
- Twitter thread roasts bathtub tray ads for women Monday 7:21 PM
- Nintendo set to release two new models of the Switch—possibly in 2019 Monday 6:45 PM
- Viral cat video ‘Dear Kitten’ finds new life in TikTok challenge Monday 5:30 PM
- Here’s every show that was announced at the Apple TV+ kickoff Monday 3:53 PM
- ‘Shazam!’ embraces the spectacle and heart of the superhero genre Monday 3:45 PM
- How to mute Twitter’s suggested tweets on your timeline Monday 3:02 PM
- What you need to know about Apple’s new streaming service Monday 2:32 PM
- Text-message fanfiction is taking over Instagram Monday 1:54 PM
- Your Asus computer might have a secret backdoor Monday 1:06 PM
- Trump is already fundraising off the Mueller report—even though no one’s seen it Monday 1:01 PM
- Michael Avenatti charged with trying to extort $20 million from Nike Monday 12:51 PM
- Logan Paul says being a YouTuber is ‘wack’ Monday 12:14 PM
- James Comey posts from a forest in wake of Mueller report Monday 10:35 AM
Hackers breach ‘League of Legends,’ access 120,000 credit card numbers
The world’s “most played video game” gets gamed.
The developer behind League of Legends, the most popular video game on the planet, announced yesterday that about 120,000 player credit card numbers may have been stolen as just part of an unprecedented hack of its servers.
Riot Games detailed the full extent of the attack in a blog post:
What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
The developer expressed hope that the impact of that last number would be limited, as they have not collected “this type of payment card information” in their systems since 2011.
Passwords are vulnerable, despite being salted—meaning they’re attached to random strings of data that make it more difficult for hackers to run their usual tricks when trying to decrypt them.
“The password files are unreadable,” Riot Games explained, “but players with easily guessable passwords are vulnerable to account theft.”
For a serious gamer, this can be as bad as hearing that your financial info was swiped, and potentially more devastating on the emotional level. Not every hacker is after money, after all: last October, someone unleashed a bug in World of Warcraft that killed off thousands of characters.
So what exploit did the League of Legends gatecrashers have in mind? An actual heist, or malicious mischief? Either way, Riot Games is taking steps to beef up security, including the implementation of two-factor authentication. But over at CNET, commenters are unimpressed.
“Implementing 2-factor after the fact will be a disaster,” wrote vorthex_. “Bad guy will crack the passwords, log in, change the email address and activate 2-factor on accounts who didn’t change their password, put in the number of a throw away phone, thus locking out the original owner for good.”
“Do all of these extra security measures even matter when the hackers are using modern day database extraction tools to get our data,” asked blazer412.
The hackers at large could probably answer that question, but don’t expect them to. They’re busy working on the next big thing.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'