Riot Games Refusing Blackmail Payment Amid Source Code Hack

Riot Games stands as a heavyweight game developer, standing behind the title of League of Legends. On Friday, the company published a tweet that revealed that their systems had been hacked via a social engineering attack, that is, the theft of critical system information via social intrigues.

A Data Breach On Friday

Recently, Riot Games has published new details about the matter. On the 24th of January, the developer explained that they had been analyzing the attack throughout the weekend. The conclusion was that the source code of League of Legends and Team Fight Tactics were both stolen from the developers. Interestingly enough, the malicious actors also made off with the source code of a legacy anti-cheat engine.

The tweet stated that on the day of posting, they had received a ransom email about the entire matter. It’s become something of a standard practice: Steal the source code of video game titles, then blackmail the developers into giving you money. Riot Games, is having none of it, however, and has made it clear that they will not pay for this blackmail attempt.

Doing Damage Control

Riot Games was quick to do a bit of damage control, though. They highlighted that the attack may have disrupted their build environment, but the dev team is confident there was no leak in player data or personal information.

Furthermore, Riot Games highlighted that both globally recognized external consultants and their internal security teams are in the process of evaluating the attack. Law enforcement has been notified, according to the tweet, and their systems are being audited. Riot games made it clear that they were cooperating with law enforcement in order to help them investigate the attack and determine what group was behind the move.

Committing to Transparency

The tweet also detailed that a significant amount of progress has been made in repairing the damages done. Riot Games is convinced the damage as a whole could be repaired by the end of the week. As such, they assure the public that the development of their two titles won’t be as affected by it.

Riot Games has also proclaimed its commitment to remaining transparent about the matter. They assured the public that a full report would be sent out in due time, explaining how the attack happened, the techniques used, and how the security controls of the developer failed to protect them. Furthermore, Riot Games will also publish the steps they will take in order to ensure this never happens again.

Constant innovation In All Circles

As technology moves forward, so too will the threat actors utilize new technologies to breach internal systems. A number of companies have already been breached this year. CircleCi stands as one of those companies. The software developer announced on the 5th of January that their customers must rotate passwords and sensitive data, as their systems were subject to a data breach.

While Riot Games didn’t recommend it, it’s always a smart choice to change your passwords every few months and enable two-step verification wherever possible. The more hoops threat actors need to jump through, the less likely that systems and accounts can be compromised in the process.