A newly-discovered exploit in League of Legends is allowing hackers to access the game’s store using a browser and a player’s ID and session toker. With this information, the hacker can then spend the victim’s RP and IP currency.
Riot are aware of the exploit, and are currently working to plug the hole.
The video above shows streamers Imaqtpie and Nightblue3 falling victim to the exploit. The key to the hack is being able to access the game’s store through an internet browser, rather than the actual game client. Reddit currently has a thread dedicated to people sharing their experiences of the hack.
“We’re getting this fixed right now, though we can’t speak to the specifics of the exploit or the explanations fellow Redditors have been offering,” said a Riot spokesperson on the League of Legends Reddit. “What we can say is that we can see everyone who was hit by an attack, and we’ll be returning all RP/IP that was lost.
“Since the store was involved, we also want to reassure you that this didn’t expose any personal information like credit card numbers. Your data is safe.”
Thanks, PC Gamer.