Riot Games compromised, new releases and patches halted
Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn’t affected.
A social engineering development
Making the notification via Twitter late last week, we’re still waiting on the full story as an investigation takes place. For now Riot, stewards of titles such as Valorant and League of Legends, made the following statement in relation to the attack:
Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.
We may not be told the full details of what exactly took place here. Based on how these things usually tend to go, social engineering launched via an email sent directly to an employee could be a strong candidate.
Having said that, games publishers and developers make use of everything from social media to Discord for keeping in touch with players and fans. It could just as easily be that this began in a social media direct message and spiralled from there.
Slowdowns expected
Riot Games manages a number of incredibly popular online titles. This newly discovered compromise is going to cause some drag and delay in relation to keeping things updated with new content and other under the hood activities.
Unfortunately, this has temporarily affected our ability to release content. While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games.
League of Legends, for example, has a regular patching cycle and some of those patches are very large indeed, as you’d expect for an online game. The League of Legends Twitter account has already warned of potential impact. Valorant operates in much the same way. We can expect similar across all titles as resources are used up to ensure the compromise has been fully contained and addressed.
The game developer jackpot
Games companies have been major targets for compromise for years, which is only to be expected considering the huge amount of data these organisations have access to. There are so many areas for exploitation, from game platform logins to publisher-centric accounts. You can target a PC running a game with remote code execution, go phishing for two-factor authentication codes, steal an account and sell digital items from its inventory…the list is endless.
The only good thing here is the low probability of customer data having been grabbed, with the attack instead focusing on the development environment for reasons known only to the attacker. There have been many incidents where attackers poking around behind the scenes have been in an effort to upload or release rogue files via game titles themselves.
This hasn’t happened here, thankfully, and with any luck Riot Games will release additional information as the week goes by.
Update, 9:03AM (GMT-8)
Riot Games updated its Twitter followers regarding the compromise. It confirmed attackers were able to steal code for some its flagship games, League of Legends and Teamfight Tactics (TFT), and a legacy anticheat platform.
As promised, we wanted to update you on the status of last week’s cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.
— Riot Games (@riotgames) January 24, 2023
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.