Another online game has had its servers breached. Today League of Legends publisher Riot Games announced that hackers have managed to gain access to data hosted on the companies servers.
In a news post on the North American League of Legends site, the company mentions that usernames, email addresses, salted password hashes, and some first and last names were accessed during the breach. They do mention that because the passwords were salted it should mean that they will be unreadable but people with simple passwords are still vulnerable.
As a security precaution they are currently requiring players to change their passwords to stronger ones. You will be prompted next time you log in to make the change. They have also announced new security features that are currently in development that should in the future for players who believe their accounts have been compromised, these features are as follows.
Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
These features will be familiar to users of other online games such as World of Warcraft or Guild Wars 2, both have the option of 2 Factor Authentication, either by a seperate dongle or by using an app on your phone to generate a key. It makes me wonder why these features were not already part of such a popular game, but it is good to see that they are working on making it harder for account theft to happen in the future.