League of Legends source code hacked and up for sale

A threat actor is allegedly selling a source code of a popular game, League of Legends, on a cybercriminal forum at a starting price of $1 million.

On Tuesday, Riot Games, the developer of League of Legends, admitted falling victim to a ransomware attack.

The company has confirmed that the source code of one of its most recognized games was leaked.

"As promised, we wanted to update you on the status of last week's cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers," the company said in a tweet on Tuesday.

The company suffered the attack last week, which led to the delays of the scheduled game patches.

Riot Games refused to pay the ransom. “Needless to say, we won’t pay.”

Soon after the company disclosed the nature of the attack, a threat actor posted an ad on a popular criminal forum, Breached, claiming they were selling League of Legends source code. The ad reads [sic]:

"League of Legends Source Code Auction! As you know, League of Legends source code has been stolen, confirmed by Riot Games. I'm starting auction for the source code, at starting $1,000,000. ** INCLUDES PACKMAN (USERMODE ANTI-CHEAT FOR LEAGUE OF LEGENDS & VALORANT) **"

The threat actor has just joined Breached forums (the account was registered in January 2023) and has since posted only three times.

The California-based firm confirmed both in-house security teams and outside consultants were actively working with law enforcement, making substantial progress in the investigation.

According to its website, the developing, publishing, and e-tournament gaming company has over 4500 employees based in over 20 offices worldwide.

Hackers increasingly target gamers

According to Tonia Dudley, CISO at a security company Cofense, the attack follows an industry trend – hackers have been increasingly targeting the gaming sector.

"As investments in everything from eSports to video games have increased, cyberattacks – particularly distributed denial-of-service (DDoS) attacks – have skyrocketed. This attack comes shortly after the September ransomware attack on gaming giant, Rockstar, which resulted in stolen confidential internal data," Dudley said.

No personal data was exposed, however, the attack presents significant challenges, for example, an increased chance of cheating since the attack targeted the company's anti-cheating platform.

"Finally, one of the main components of any social engineering attack is its lure design. Scammers often use emotional triggers to get their victims to act, including fear and impulse, which causes many people to overlook phishing red flags like grammatical and formatting errors. As a result, it is essential that organizations take the necessary steps to protect inboxes, detect threats, and respond to attacks," Dudley concluded.