Hackers have gotten increasingly bold over the past couple of years. Last year, Rockstar’s upcoming Grand Theft Auto 6 suffered a hacking incident that left the gaming world stunned. Now, new reports are coming in that another popular video game has been hacked with the source code being held for ransom.
Riot Games recently revealed that it has received a ransom demand following a cyber-attack. The hackers reportedly gained possession of the source code for two of the company’s biggest games during the security breach. The source code for League of Legends, Teamfight Tactics, and a legacy anti-cheat program were stolen during the cyber-attack.
@xfire.com Hackers have stolen the League of Legends source code #leagueoflegends #leagueoflegendsriotgames #riotgamesleagueoflegends #fyp #foryoupage #foryou
According to the studio, the development environment for these games was compromised via a social engineering attack. This method involves the psychological manipulation of individuals into divulging confidential information or performing actions that can compromise security measures. Essentially, some employees were duped.
As promised, we wanted to update you on the status of last week’s cyber attack,” Riot Games tweeted. “Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.”
“Today, we received a ransom email. Needless to say, we won’t pay,” the studio adds. “While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.”
Today, we received a ransom email. Needless to say, we won’t pay.
While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.
2/7
— Riot Games (@riotgames) January 24, 2023
The hackers are reportedly asking for $10 million to prevent the source code from leaking on the internet, with such leaked code usually being dumped on paste sites. Vice managed to obtain a copy of the ransom letter that was sent to Riot Games.
“Dear Riot Games,” the ransom letter starts. “We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.”
As proof, the hackers attached two large PDFs providing evidence that they are in possession of the League of Legends source code. The hackers promise to scrub its servers of the source code if the ransom is paid. The hackers provided a Telegram link that Riot Games can use to communicate with them.
“We do not wish to harm your reputation or cause public disturbance. Our sole motivation is financial gain,” the hackers said. “Failure to do so will result in the hack being made public and the extent of the breach being known to more individuals.”
Riot Games has stated that it will not be giving in to the hackers’ ransom demand. The studio has, however, revealed that the source code being leaked would increase the likelihood of new cheats appearing in the affected games.
The source code also contains some experimental features for League of Legends. The studio cannot guarantee that these prototype features will be released in light of the security breach – not that there would have been a guarantee either way, and features tend to change a lot during development.
In the future, Riot Games will release a full report detailing the method of the attack and what steps the company is taking to ensure that it does not happen again. The developer will also be updating players on how this incident will affect each of the games involved.
It is interesting to see such ransomware attacks still being carried out, as each high profile case in the past has resulted in the gaming companies affected to go public and not pay – at least, so they claim.
