The source code for the League of Legends (LoL) multiplayer online combat arena, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform were stolen by a hacker who gained access to Riot Games’ networks. The hacker then issued a ransom email to the video game publisher.
Following the penetration of its systems in a social engineering fraud, a business representative claimed on Twitter that Riot Games had refused to pay a $10 million ransom demand.
Today, we received a ransom email. Needless to say, we won’t pay.
While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.
2/7
— Riot Games (@riotgames) January 24, 2023
While teams tried to protect the system, the firm stopped releasing new content for League of Legends and Teamfight Tactics. Later this week, a remedy is anticipated to be implemented, after which patch updates will resume.
The Game Publisher has affirmed that to expedite some anticipated changes, Teamfight Tactics and League of Legends will both receive hotfixes; however, more significant modifications will need to wait until patches on February 8 for both games.
Riot Games asserted that despite the disruption this attack caused to their development environment and the potential for future problems, they are confident that no player data or private information was compromised.
The LoL and TFT teams are investigating how the cheat developers might exploit the data obtained to create new tools and determine whether any fixes are necessary to thwart such nefarious attempts.
According to the game creator, the game source code obtained during the security breach also includes other elements that are now in development but may never be released.
We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward. The League and TFT teams will update you soon on what this means for each game.
7/7
— Riot Games (@riotgames) January 24, 2023
A detailed report on how its development environment was compromised and the steps taken to prevent this from happening again will be made public, according to Riot Games, which stated that it is working with law enforcement and other consultants to examine the incident.
Many gaming publishers were hacked recently
The 2K Games incident, reported in September 2022, claimed that attackers hacked its help desk and infected specific clients with malware, which came after the Riot Games hack. 2K informed its customers that some of their data had been stolen and sold online in October 2022.
The same month, Rockstar Games was also compromised, with the hacker releasing videos of the upcoming Grand Theft Auto VI game and GTA V and GTA VI source code files.
The same hacker that targeted Rockstar Games also claimed responsibility for a strike on Uber, who blamed the Lapsus$ extortion gang for their breach.
Several well-known corporations, including Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and e-commerce juggernaut Mercado Libre, have had their networks breached by Lapsus$.
Source code and confidential information acquired from the networks of victims were also exposed by this cybercrime organization, resulting in significant data breaches and leaks.