Riot Games says League of Legends source code stolen in cyberattack
Add Axios as your preferred source to
see more of our stories on Google.
Photo: Chris Delmas/AFP via Getty Images
Riot Games, the developer of well-known video games League of Legends and Valorant, said Tuesday that hackers recently stole the source code for some of its most popular games in a recent breach.
Driving the news: Riot Games has been responding to a so-called social engineer attack since last week.
- Details have been sparse, but in an update Tuesday, the company confirmed that malicious hackers behind the attack were able to exfiltrate source code from League of Legends, Teamfight Tactics and "a legacy anticheat platform."
- Riot also said the hackers, who haven't been identified, had demanded a ransom, but "we won't pay." The company is working with law enforcement to investigate the incident.
- Most major organizations facing headline-grabbing security incidents are likely to refuse to pay a ransom to avoid further emboldening their attackers. The LA Unified School District is a recent example.
The big picture: Riot is just the latest gaming company to have hackers steal — and eventually leak — its proprietary information.
- In October, hackers stole and leaked what appeared to be in-development footage of Rockstar Games' upcoming Grand Theft Auto 6.
- And hackers have been able to steal key source code from major companies, including Microsoft and Samsung, in the last year, as well.
Details: While Riot is still investigating the full extent of the breach, the company said the stolen source code includes a "number of experimental features" that may never be released.
- Riot noted that any exposure of source code can "increase the likelihood of new cheats emerging," and its teams have been preparing to "deploy fixes as quickly as possible if needed."
Thought bubble from Axios Gaming's Stephen Totilo: Video game companies are popular targets for hackers, often resulting in salacious leaks of unreleased content, and at times breaches of personal info.
- Companies may not be able to contain all their secrets, but players would be best-served to use two-factor authorization and other heightened security.
What's next: Riot estimated it will have "things repaired later in the week," allowing the company to "remain on our regular patch cadence going forward."
- Riot also said it plans to release a full report detailing how the attackers broke in, who was behind the attack and where "Riot's security controls failed."
Sign up for Axios’ cybersecurity newsletter Codebook here.
