It’s been made known that a portion of Riot’s North American account information has been compromised. Usernames, email addresses, salted password hashes and first/last names have been accessed. While most of this information won’t necessarily harm your account, users with easy to guess passwords are at risk. To reduce the risk of hacked accounts, Riot are asking all North American players to change their passwords within the next 24 hours.
The news came from an announcement on the League of Legends blog. Roughly 120,000 transaction records from 2011 were affected, all of which are currently under active investigation. Any player who are linked to those transactions have been sent an email to notify them and protect their account.
The origins of the leak is still unknown, but for now Riot asks any North American players to change their passwords to be on the safe side. You can change it here.
To further bolster account security, a couple of new features are currently in development to help safeguard accounts:
- Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
- Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.
Riot have apologised for any inconvenience the situation may have caused.