Riot Games receives ‘ransom email’ for stolen source code following social engineering attack
Players competing in a League of Legends tournament. Image: Bruce Liu via CC BY-SA 3.0
Alexander Martin January 24, 2023

Riot Games receives ‘ransom email’ for stolen source code following social engineering attack

Riot Games receives ‘ransom email’ for stolen source code following social engineering attack

Riot Games, the video game developer and esports organizer, said on Tuesday that it had received a ransom email following a social engineering attack last week.

“Needless to say, we won’t pay,” the company’s official Twitter account announced.

When the incident was disclosed, Riot Games said that multiple systems in its development environment had been compromised and said the incident had affected its ability to release new content.

In a series of tweets updating gamers, the company said that source code for its popular titles League of Legends and Teamfight Tactics had been exfiltrated during the attack.

It warned that the attack “disrupted our build environment and could cause issues in the future” but stressed “most importantly we remain confident that no player data or player personal information was compromised.”

Alongside the source code for its popular games the company said that the attackers stole information relating to “a legacy anticheat platform.”

“Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” the company announced.

Riot said the “illegally obtained” code contained “a number of experimental features” which might never have made it into the official games.

“While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released,” the company said.

Both its internal security teams and a “globally recognised external consultant” are evaluating the attack and auditing Riot’s systems, the company said, adding that it had notified law enforcement and was “in active cooperation with them as they investigate the attack and the group behind it.”

“We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again,” the company added.

The cyber incident is one of many impacting the gaming industry. It follows gaming giant Rockstar confirming last September that a hacker had broken into its systems and stolen confidential internal data, including footage from the next installment of its Grand Theft Auto (GTA) series.

The suspected hacker in that incident shared images, videos and source code on a fan forum as evidence that they had accessed the “GTA 5 and 6 source code and assets, GTA 6 testing build.”

The Ragnar Locker ransomware group attacked Capcom in 2020 while the Egregor ransomware gang hit both Ubisoft and Crytek. CD Projekt Red – the Polish game developer behind titles like Cyberpunk 2077 and The Witcher series – was hit by the HelloKitty ransomware group in 2021, and that same year access to Electronic Arts games and servers was put up for sale following a hack.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.