A dark forum user under the alias ArkaT claimed to have access to the source code for League of Legends, a day after hackers reportedly demanded a ransom of $10 million from developer Riot Games.
Riot Games have confirmed that the source code for League of Legends, Teamfight Tactics, and a legacy anticheat platform were exfiltrated by the attackers.
“The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released,” the company tweeted.
As promised, we wanted to update you on the status of last week’s cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.
1/7 https://t.co/IogE05HaD1
— Riot Games (@riotgames) January 24, 2023
League of Legends is one of the most reputed multiplayer video games online, developed and published by Riot Games. The company disclosed a cyberattack last week, and now the stolen data from the gaming giant is being sold on dark web forums.
Riot Games currently manages Teamfight Tactics, Legends of Runeterra, VALORANT, and League of Legends: Wild Rift. Out of these games, the source code of League of Legends and ‘Teamfight Tactics’ have been stolen by an unknown hacker and put on sale on the dark web.
“Dear Riot Games,” begins the ransom note, a copy of which Motherboard obtained.
“We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000,” reported Motherboard.
An unknown user in a hackers forum claims to have obtained the source code for League of Legends, and is being held for auction. Riot Games earlier confirmed a social engineering attack on their systems.#databreach #cyberrisk #DarkWeb pic.twitter.com/cpKfCFytSQ
— FalconFeedsio (@FalconFeedsio) January 25, 2023
League of Legends Source Code for Sale
“As you know, League of Legends source code has been stolen, confirmed by Riot Games. I’m starting suction for the source code, at starting $1,000),” claimed a dark forum user under the alias ArkaT.
Alongside the source codes for two games, Riot Games’ anti-cheat platforms seem to be another direct casualty of the attack. The disclosure and the sale notice come hot on the heels of a social engineering attack on the gaming company last week.
“Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained,” reads the Tweet by Riot Games.
Though Riot Games have started to mitigate the damages at the time of writing this, the after-effects have already crashed the company’s two main game titles.
“League of Legends LEC 2023 Winter Split, during its first week has been subjected to several pauses and delays in between games,” reported SportsKeeda.
“The commissioner at Riot Games confirmed that the primary reason behind the delays has been firmware issues,” the report added.
Gamers and developers have voiced their concern that the stolen source code might lead to the creation of new in-game cheats.
Most Riot Games are free-to-play but players can purchase in-game currency to unlock new agents, weapons, and other items.
Why are hackers targeting gaming companies?
Cybercriminals target the gaming industry with various motivations, from financial gain by stealing in-game currency to accessing personal information of the users. Others aim to disrupt the gaming experience for players or acquire valuable intellectual property like source code or game design documents.
The large and dedicated user base of gaming companies makes them an attractive target for attackers seeking notoriety or to spread malware.
Gaming companies also store a wealth of personal information on their servers, such as credit card information and login credentials, which can be alluring to hackers.
Furthermore, the cutthroat competition in the gaming industry may lead some hackers to steal confidential information about upcoming games and features for an unfair advantage.
And not just cybercriminals but nation-state actors also see gaming companies as a prime target as they can be used to control the population and spread disinformation.