Riot Games compromised, new releases and patches halted

Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn’t affected.

A social engineering development

Making the notification via Twitter late last week, we’re still waiting on the full story as an investigation takes place. For now Riot, stewards of titles such as Valorant and League of Legends, made the following statement in relation to the attack:

Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.

We may not be told the full details of what exactly took place here. Based on how these things usually tend to go, social engineering launched via an email sent directly to an employee could be a strong candidate.

Having said that, games publishers and developers make use of everything from social media to Discord for keeping in touch with players and fans. It could just as easily be that this began in a social media direct message and spiralled from there.

Slowdowns expected

Riot Games manages a number of incredibly popular online titles. This newly discovered compromise is going to cause some drag and delay in relation to keeping things updated with new content and other under the hood activities.

Unfortunately, this has temporarily affected our ability to release content. While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games.

League of Legends, for example, has a regular patching cycle and some of those patches are very large indeed, as you’d expect for an online game. The League of Legends Twitter account has already warned of potential impact. Valorant operates in much the same way. We can expect similar across all titles as resources are used up to ensure the compromise has been fully contained and addressed.

The game developer jackpot

Games companies have been major targets for compromise for years, which is only to be expected considering the huge amount of data these organisations have access to. There are so many areas for exploitation, from game platform logins to publisher-centric accounts. You can target a PC running a game with remote code execution, go phishing for two-factor authentication codes, steal an account and sell digital items from its inventory…the list is endless.

The only good thing here is the low probability of customer data having been grabbed, with the attack instead focusing on the development environment for reasons known only to the attacker. There have been many incidents where attackers poking around behind the scenes have been in an effort to upload or release rogue files via game titles themselves.

This hasn’t happened here, thankfully, and with any luck Riot Games will release additional information as the week goes by.

Update, 9:03AM (GMT-8)

Riot Games updated its Twitter followers regarding the compromise. It confirmed attackers were able to steal code for some its flagship games, League of Legends and Teamfight Tactics (TFT), and a legacy anticheat platform.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/