League of legends databases hacked

#1 Edited by buft (3300 posts) -

Just receieved this email from Riot games, so if you play its time to change your password

Greetings Summoner,
Keeping your information secure is very important to us. That's why we're sorry to inform you that some of the account information you provided us may have been accessed by hackers. Most critically, some players' email address, encrypted account password, and date of birth. No payment or billing information of any kind was accessed.
As a safety precaution, please change your account passwords by logging in to euw.leagueoflegends.com and visiting the "my account" page (linked in the upper-right hand corner of the page after login). If you use the same password for accounts on other services, you should change those passwords as well.
For your security, the URL above isn't clickable. If you need to access your account, type the URL in directly. On that note, please be extra vigilant about emails you receive, especially if those emails contain attachments or links.
We're keeping this note short, but have created a forum post with much more information and the latest official updates on this situation at euw.leagueoflegends.com/board within the announcements forum.
We apologize for the inconvenience, and appreciate your immediate attention to resetting your password.
The League of Legends Security Team

Edit: ok, its europe only, the email does not state that.

#2 Edited by Joeyoe31 (820 posts) -
#3 Posted by wemibelec90 (1497 posts) -

This is only for EU players by the way. For those of you freaking out that didn't read closely enough or hear about this already.

#4 Posted by valrog (3671 posts) -

Just saw the email earlier.

Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each.

This is very concerning. I try to make my passwords as strong as possible, but in the end I'm only human and bound to repeat my patterns. Looks like I'll write that password generating program that I promised myself some time ago. If anyone needs it, hit me up.

#5 Posted by Bubbly (251 posts) -

@valrog: Try out Keepass. It is free, works on majority of platforms, and is very secure. Here is a quote from the site.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

It comes with a very handy random password tool which you can use. I use it and each of my passwords are unique and created randomly. I only remember passwords for important services (like my Email) and the password to open the database. If a site ever gets hacked and your password for that site is exposed you won't have to worry about the rest of your passwords with this program. I highly recommend it to everyone that browses the internet.

#6 Posted by valrog (3671 posts) -

@MODernChris: That looks very useful. One question, though. Where are the databases kept? On their servers, or is it a local thing?

Well, it's still orders of magnitude better than whatever the hell was I going to write... I feel like such an amateur now.

#7 Posted by Gargantuan (1880 posts) -

Hmm, I didn't get a mail. 

#8 Posted by mmzOne (275 posts) -

@valrog said:

@MODernChris: That looks very useful. One question, though. Where are the databases kept? On their servers, or is it a local thing?

Well, it's still orders of magnitude better than whatever the hell was I going to write... I feel like such an amateur now.

KeePass uses a local database. Although you are free to save the database where ever you want, USB-stick, server or HDD.

#9 Posted by valrog (3671 posts) -

@mmzOne: Great. I was hoping it would be local.

#10 Posted by Azteck (7450 posts) -

Already changed my password last night. Hope they beefed up their security after this

#11 Posted by jakob187 (21642 posts) -

Even though I'm in the U.S., I could do for changing my password again. It's only been 48 days or so since my last password swap. = /

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.