On January 20, Riot announced it was targeted by a social engineering attack that compromised its development environment. The company hasn’t shared details about how the attacker got into its system or what exactly went down, but it did mention this will delay its ability to push out game patches.
It’s still too early to say whether this will affect players in any other ways, but the company’s socials have been swarming with account complaints for the last 10 days, especially on Reddit – though, it’s possible these cases are unrelated.
That said, it’s been a tough start to the year for Riot, who has had to deal with plenty of player backlash already. From an overwhelmingly negative reception of the Season 2023 cinematic to unhappiness about changes to the start time of the LCS broadcasts.
Riot Games Pushes Back Game Patches
At this stage, Riot hasn’t provided a lot of information beyond saying it’s still investigating the attack. These delays could be due to the company having to follow an incident response plan which might limit developer access to certain systems, and takes time to complete. It could also be the result of a ransomware attack, which locked the developers out of certain systems or files.
Late on the 24th, Riot posted another tweet explaining it found evidence the attackers stole source code for League, TFT, and a legacy anticheat platform. The company also admitted to receiving a ransom email which pretty much confirms the likelihood of this being a ransomware attack. While the company says it won’t pay, Riot speculates the stolen code could cause disruptions in the future. Most notably in the form of newly emerging cheats — although Riot is assessing the impact on anticheat and preparing to deploy fixes as needed.
The development teams behind League of Legends and Valorant have confirmed the patches for their games are delayed. The League team says it’s working to stretch the delivery of Patch 13.2 (which was scheduled for release on January 26) by focusing on delivering hotfixes. They seem confident they’ll be able to deliver the majority of tested balance changes on time. Less immediate content, like the Ahri ASU will likely be moved to Patch 13.3 which releases on February 8.
Valorant’s developers says its next patch and preliminary PBE 6.2 have been delayed to early February. Interestingly, the developers first announced this delay on the official Valorant Reddit page for public beta environments. They declined to provide a reason for the delay at the time, though. After this started leading to speculation, Riot Games followed up with its Twitter announcement of the attack, possibly to mitigate further guesswork.
Riot Players’ Personal Data Safe for Now
The game publisher states it hasn’t found any evidence to show player data or personal information has been compromised, but that could change at any time. It’s not uncommon for companies to announce something like this only to backtrack at a later time after concluding further investigations.
It might be unrelated, but the Riot Games Reddit page has seen a number of complaints about either hacked accounts or account bans for both League of Legends and Valorant this past week. It’s hard to say whether this is an abnormal trend compared to the number of complaints it generally receives without doing an in-depth study of past posts. That said, the number seems to have increased considerably compared to the previous two months.
One of the most concerning things stemming from these complaints, though, is the common thread of Riot’s terrible customer support. Many have complained about just receiving automated replies which don’t sort out the issue, with no way to talk to a real person. It’s possible this could be due to an increase in customer support tickets and staff aren’t able to keep up.
Secure Your Riot Games Account
If you play any of the games published by Riot Games, it’s a good idea to secure your accounts right away. First and foremost, your Riot Games account should have 2-factor authentication enabled. You can also change your account password, just to be on the safe side — make sure to choose a strong password.
If you suspect any foul play with your account in the coming weeks, it’s best to change your password again just in case. This includes strange activity, account changes not authorized by you, and strange messages.
Speaking of strange activity, it’s possible attackers still have access to some of Riot’s systems or files and may send out phishing messages with malicious links. If you receive any suspicious emails or messages from the publisher containing links, it’s likely best to ignore them.
Until we get some more details about the attack, hopefully in the coming weeks, it’s best to err on the side of caution. You don’t want all those hours you put into building up your rank and skins to go to waste.
If you want to upgrade your security, get CyberGhost VPN and connect to our secure gaming-optimized servers to play free from the threat of DDoS, swatting, and other cyber attacks. You can also use CyberGhost VPN’s thousands of servers across the world to change your region in League of Legends and Valorant, just follow our handy guides.