Earlier this week, Riot Games announced that it had received a ransom note from hackers demanding payment for source code that had been stolen during what it described as a “social engineering attack.” That note has been obtained by Vice’s Motherboard and made public.
The company wrote in a social media post on Tuesday that it had been contacted by those responsible for the security breach and that they are demanding a ransom payment or they will release code for League of Legends and Teamfight Tactics, as well as its legacy anticheat platform code Packman. Riot said that it refused these demands.
In the note obtained by Motherboard, the unnamed hacker(s) demand that Riot pay them $10M USD for the source code to League of Legends and its anti-cheat code Packman. In return, the group promised to never release the files to the public and to provide details on how the breach occurred so that Riot can avoid having it happen again in the future.
The note can be read below—sans the Telegram link for Riot to communicate with the hackers.
Dear Riot Games,
We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.
We uploaded a tree list pdf file, which you can view the tree of Packman and League of Legends source. If you require any files for proof, message us and we will provide you the raw file.
In return, we will immediately remove all source code from our servers and guarantee that the files will never be released to the public. We will also provide insight into how the breach occurred and offer advice on preventing future breaches. We suggest communicating through Telegram, you can join us here.
Another report from BleepingComputer claims that hackers gained entry into Riot’s network via a social engineering attack over SMS by targeting an unnamed employee and that they had access for 36 hours before being detected by the company’s network security, according to public comments from security research group VX-Underground.
The report also claims that the source code for League of Legends and the legacy Packman anti-cheat platform has appeared on a popular hacking forum where it is being sold for $1M, though they have told the publication that they would sell Packman on its own for $500K. Hackers also told the publication that they sent a small snippet of code to Ryscu, a YouTuber who creates League of Legends content.
The Esports Advocate could not independently verify the veracity of these reports.