- Guy gets roasted for throwing razor in the toilet to protest Gillette Wednesday 9:23 PM
- Experts warn of uptick in ‘Ryuk’ ransomware after hackers net $3.7 million Wednesday 7:03 PM
- Video game composer boycotts Gillette after anti-toxic masculinity ad Wednesday 6:05 PM
- Steve Carell sitcom ‘Space Force’ heading to Netflix Wednesday 5:30 PM
- Ocasio-Cortez’s ‘run train’ phrase becomes conservative sex controversy Wednesday 5:25 PM
- ‘Into’ is a reminder that queer businesses can be hurt by straight leaders Wednesday 5:13 PM
- TSA agents are the latest tool in the government shutdown meme war Wednesday 4:22 PM
- YouTube still hosting bestiality images year after crackdown pledge Wednesday 4:13 PM
- YouTuber quits fight after Darth Vader fan film claimed by Disney Wednesday 3:26 PM
- Millions of Fortnite accounts exposed via Epic Games website exploit Wednesday 2:26 PM
- A man found a camera in his Airbnb and the company didn’t seem to care Wednesday 2:00 PM
- A redditor planted an Easter egg in Hulu’s Fyre Fest doc Wednesday 1:51 PM
- This new revelation about Woody from ‘Toy Story’ will blow your mind Wednesday 1:35 PM
- Dave Rubin fails to delete Patreon on livestream to delete Patreon Wednesday 1:14 PM
- The ‘some of y’all… and it shows’ meme is taking over Twitter Wednesday 12:24 PM
Hackers breach ‘League of Legends,’ access 120,000 credit card numbers
The world’s “most played video game” gets gamed.
The developer behind League of Legends, the most popular video game on the planet, announced yesterday that about 120,000 player credit card numbers may have been stolen as just part of an unprecedented hack of its servers.
Riot Games detailed the full extent of the attack in a blog post:
What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
The developer expressed hope that the impact of that last number would be limited, as they have not collected “this type of payment card information” in their systems since 2011.
Passwords are vulnerable, despite being salted—meaning they’re attached to random strings of data that make it more difficult for hackers to run their usual tricks when trying to decrypt them.
“The password files are unreadable,” Riot Games explained, “but players with easily guessable passwords are vulnerable to account theft.”
For a serious gamer, this can be as bad as hearing that your financial info was swiped, and potentially more devastating on the emotional level. Not every hacker is after money, after all: last October, someone unleashed a bug in World of Warcraft that killed off thousands of characters.
So what exploit did the League of Legends gatecrashers have in mind? An actual heist, or malicious mischief? Either way, Riot Games is taking steps to beef up security, including the implementation of two-factor authentication. But over at CNET, commenters are unimpressed.
“Implementing 2-factor after the fact will be a disaster,” wrote vorthex_. “Bad guy will crack the passwords, log in, change the email address and activate 2-factor on accounts who didn’t change their password, put in the number of a throw away phone, thus locking out the original owner for good.”
“Do all of these extra security measures even matter when the hackers are using modern day database extraction tools to get our data,” asked blazer412.
The hackers at large could probably answer that question, but don’t expect them to. They’re busy working on the next big thing.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'