Earlier this week Riot Games announced on social media that its development systems had been the victim of a social engineering hack and that it would delay the release of updates to several of its games. At the time, the company noted that personal user data and information was not compromised and didnโt appear to be the target of hackers.ย
On Tuesday the League of Legends and Valorant developer provided an update.ย
The company said in a social media post that it has been contacted by those responsible for the security breach and that they are demanding a ransom payment or they will release code for League of Legends and Teamfight Tactics, as well as its legacy anticheat platformโcode it apparently stoleโinto the wild. Riot said that it refused these demands, and while the company hasn’t said it publicly, there’s no doubt that law enforcement agencies including the FBI are likely already involved.
Riot’s full statement can be read below:
As promised, we wanted to update you on the status of last weekโs cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.
Today, we received a ransom email. Needless to say, we wonโt pay.
While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.
Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, weโve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.
The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and thereโs no guarantee it will ever be released.
Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. Weโve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it.
Weโre committed to transparency and will release a full report in the future detailing the attackersโ techniques, the areas where Riotโs security controls failed, and the steps weโre taking to ensure this doesnโt happen again.
Weโve made a lot of progress since last week and we believe weโll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward. The League and TFT teams will update you soon on what this means for each game.
The Esports Advocate will continue to follow this story as it develops…