Riot recently announced that they were the latest victims in a string of hacking attacks on gaming developers and publishers. Approximately 120 000 records were obtained, including credit card details!
In a blog post, Riot confirmed:
What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn’t been used since July of 2011, and this type of payment card information hasn’t been collected in any Riot systems since then.
Only those in North America were affected by the hack, but it certainly highlights the security weaknesses. It’s always a bit nerve-wracking to give credit card details, but even more so when you know that there are all these attacks! Good thing I only buy things from Riot using airtime.
Riot has now enhanced their password requirements, so don’t be surprised if you need to change your password when you login. But at least follow common sense practices – check that websites are indeed the correct ones when logging in, be careful of emails with strange attachments, etc. People will phish for anything these days!