clock menu more-arrow no yes mobile

Filed under:

Hackers holding League of Legends, Teamfight Tactics source code for ransom

Source code for Riot’s League of Legends anticheat platform was also acquired in a socially engineered hack

Artwork of Sylas from League of Legends breaking through a wall — he’s smiling with a mystical glow from his left hand lighting his face Image: Riot Games
Nicole Carpenter is a senior reporter specializing in investigative features about labor issues in the game industry, as well as the business and culture of games.

A hacker is looking for ransom payments after acquiring source code for Riot Games’ League of Legends, Teamfight Tactics, and the company’s “legacy anticheat platform,” a spokesperson for the company said on Twitter. Riot Games has refused to pay after systems were compromised in a socially engineered scam.

The company stopped releasing content for League of Legends and Teamfight Tactics while teams worked to secure the system. Riot Games expects that a fix will be implemented later in the week, wherein patch updates will then resume. Both Teamfight Tactics and League of Legends will get hotfixes to push through some expected changes, but more major adjustments will have to wait — for Teamfight Tactics and League of Legends, the big stuff is being moved to Feb. 8 patches.

No player data or personal information was compromised in the attack, according to Riot Games. The source code for each of the games, however, includes “experimental” features that the company was not ready to share — prototype work with no guarantee for release.

The other major concern regarding the stolen source code is the likelihood of new cheats, Riot Games said. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” it tweeted. The company is working with its security team, consultants, and law enforcement to investigate the attack and its perpetrators.

Riot Games declined to comment further on the attack, but noted that the company intends to publish a full report that details “the attackers’ techniques, the areas where Riot’s security controls failed, and the steps [it’s] taking to ensure this doesn’t happen again.” Social engineering scams are designed to target people — in this case, people with access to Riot Games’ systems. They exploit human error, for example by sending fake emails designed to trick a person into sharing information or installing malware. Social engineering hacks are a common tactic; they led to Rockstar Games’ Grand Theft Auto 6 leak last year.

Riot Games has targeted social engineering scammers in the past, too. In December 2021, it filed a lawsuit against a ring of scammers targeting job seekers — in particular, people who wanted to get into the video game industry. Scammers, in that case, published fake job postings, held fake interviews, and eventually stole money from victims. That lawsuit was dismissed in 2022.

The next level of puzzles.

Take a break from your day by playing a puzzle or two! We’ve got SpellTower, Typeshift, crosswords, and more.