Hackers targeted League of Legends, with Riot Games confirming its North American accounts among those affected. Riot Games revealed via its blog that the compromised information consisted of usernames, emails, credit card information, salted password hashes and names.
Its password files were accessed during the hack, and while encrypted, mainly users with predictable words and phrases for passwords are truly at risk. Passwords with uncommon groupings of words are harder to crack.
Riot Games is currently investigating a 2011 incident in which 120,000 transaction records containing credit card information was accessed. Since then, according to Riot Games, the compromised payment system has not been used.
“We are taking appropriate action to notify and safeguard affected players,” Riot Games said in a statement. “We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”
Within the next 24 hours, Riot Games is requiring all North American accounts to change their passwords to stronger ones that are harder to hack, as well as bolstering its security features.
“We’re sincerely sorry about this situation,” Riot Games said. “We apologize for the inconvenience and will continue to focus on account security going forward.”