- Megachurch pushes conversion therapy on Instagram, Facebook with #OnceGay 6 Years Ago
- Christian movie review site blasts Netflix’s ‘The Family’ 6 Years Ago
- YouTube removes ‘coordinated’ channels spreading Hong Kong misinformation Today 8:58 AM
- Christina Hendricks reveals she was the hand model for ‘American Beauty’ Today 8:30 AM
- Why can’t independent feminist websites stay afloat? Today 8:17 AM
- Far-right troll Jacob Wohl scammed a Trump fan out of $25,000 Today 7:54 AM
- How to stream Browns vs. Buccaneers in key preseason action Today 7:02 AM
- Harness the power of sun: The best solar-powered phone chargers Today 6:00 AM
- Majority of threats made since El Paso and Dayton shootings have been made online Thursday 8:00 PM
- Miley Cyrus tweets about cheating allegations and penis cake drama Thursday 6:32 PM
- ‘The Dark Crystal: Age of Resistance’ dazzles with a timely tale Thursday 6:00 PM
- The DOJ emailed a white nationalist blog post to immigration judges Thursday 5:31 PM
- The Amazon rainforest is on fire–and people are using memes to cope Thursday 4:11 PM
- Microsoft contractors listened in on Xbox users Thursday 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Thursday 2:15 PM
Hackers breach ‘League of Legends,’ access 120,000 credit card numbers
The world’s “most played video game” gets gamed.
The developer behind League of Legends, the most popular video game on the planet, announced yesterday that about 120,000 player credit card numbers may have been stolen as just part of an unprecedented hack of its servers.
Riot Games detailed the full extent of the attack in a blog post:
What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
The developer expressed hope that the impact of that last number would be limited, as they have not collected “this type of payment card information” in their systems since 2011.
Passwords are vulnerable, despite being salted—meaning they’re attached to random strings of data that make it more difficult for hackers to run their usual tricks when trying to decrypt them.
“The password files are unreadable,” Riot Games explained, “but players with easily guessable passwords are vulnerable to account theft.”
For a serious gamer, this can be as bad as hearing that your financial info was swiped, and potentially more devastating on the emotional level. Not every hacker is after money, after all: last October, someone unleashed a bug in World of Warcraft that killed off thousands of characters.
So what exploit did the League of Legends gatecrashers have in mind? An actual heist, or malicious mischief? Either way, Riot Games is taking steps to beef up security, including the implementation of two-factor authentication. But over at CNET, commenters are unimpressed.
“Implementing 2-factor after the fact will be a disaster,” wrote vorthex_. “Bad guy will crack the passwords, log in, change the email address and activate 2-factor on accounts who didn’t change their password, put in the number of a throw away phone, thus locking out the original owner for good.”
“Do all of these extra security measures even matter when the hackers are using modern day database extraction tools to get our data,” asked blazer412.
The hackers at large could probably answer that question, but don’t expect them to. They’re busy working on the next big thing.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'