A tough week for Riot Games has become even more complex, as the company recently confirmed it has been hacked by an unknown third party. Source code for two of its games, League of Legends and Teamfight Tactics, has reportedly been stolen in the intrusion, with the hackers nabbing data for experimental new features and game modes. Riot Games does not believe any personal player information has been caught up in this hack, although it has speculated the code may birth new League of Legends cheats that will need to be fended off in future.
According to company analysis, the method of attack has now been identified – with the hackers initiating a ‘social engineering’ ploy which manipulated access, likely via current employees.
The source code lifted during the attack is now being held for ransom, with Riot Games confirming it has received an email threat pertaining to the hack.
‘Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers. Today, we received a ransom email. Needless to say, we won’t pay,’ it said on Twitter.
Read: Riot Games confirms staff layoffs due to ‘strategic shifts’
‘While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised. Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anti-cheat and to be prepared to deploy fixes as quickly as possible if needed.’
‘The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released. Our security teams and globally recognised external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it.’
Riot Games has committed to transparency, and promised to provide updates as the investigation continues, and it works to monitor potential intrusions. For now, this means company resources will be focussed away from new patches and content – but Riot has promised ‘regular patch cadence’ will return as the situation clears up.
We’ll likely learn more about this intrusion and its impact on regular play in the coming weeks.