Hackers Behind Riot Games Breach Stole League of Legends Source Code

Riot Games says it lost the source code to the multiplayer title League of Legends after hackers breached its internal systems last week. The hackers also stole the source code to another game, TeamFight Tactics (TFT), and the computer code for a “legacy anticheat platform,” Riot Games revealed on Twitter today.

In addition, the hackers sent a “ransom email” to the game studio on the same day, demanding it pay up to keep the source code private. But Riot Games is refusing to submit. As a result, it’s possible the hackers could publicly leak or try to sell the stolen source code to the highest bidder. However, both League of Legends and TFT are already free-to-play titles. Copyright protections also prevent other game studios from stealing assets for a game.

According to Riot Games, the real threat is the stolen source code giving cheaters a behind-the-scenes look at exploiting the game mechanics. “Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” the company said. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.”

As we have seen with previous similar incidents, even when paying the ransom, it does not guarantee the hackers’s demands and it has the potential of the payment increasing due to the power held by the attackers.

However, the tricky risk for Riot Games is trying to quickly ascertain whether the data stolen was in fact the whole source code or just the 2 pages shown by the hackers. The ransom is already extremely high but the financial damage to the company from losing this level of sensitive data could be on par with it on even more.

By not paying the ransom, it sends a strong message to the criminal underworld that not all companies will succumb to such demands and together they are more powerful. The clear financial motivation was stated in the message but not even negotiating could pave the way for less ransomware attacks in the future.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s