Cyberattack On Riot Games Last Friday, Riot Games confirmed the cyberattack in a series of tweets in which it said that it was targeted by threat actors in an unexpected social engineering attack where the game company’s developer environment was compromised. Additionally, the source code for League of Legends (LoL), Teamfight Tactics (TFT), and its “legacy” anti-cheat platform were also exfiltrated by the threat actor. “The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released,” the company announced in a series of tweets. While the exact nature of the hack is unknown, Riot Games said that no player data or player personal information has been compromised. It added that the cyberattack would slow down the release of upcoming patches for some of its games. Ransom Demand The threat actor this Tuesday has reportedly sent a ransom email to Riot Games and demanded a payment of $10 million in order to prevent the stolen data from going online. Below is an excerpt from the ransom email sent to Riot Games: “Dear Riot Games, We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.” As evidence, the hacker also sent two PDF documents that contains the stolen Packman and League of Legends source code. Once the ransom payment is received, the hackers claimed that they will erase the code from their servers and the files will never be released to the public. They will also “provide insight into how the breach occurred and offer advice on preventing future breaches.” Further, the ransom note added that, “We do not wish to harm your reputation or cause public disturbance. Our sole motivation is financial gain.” The initial email also provided a deadline of 12 hours to respond, noting that a failure to do so would result in “the hack being made public and the extent of the breach being known to more individuals.” Responding to the ransom note, Riot Games said that it won’t pay the ransom amount demanded by the attackers. “Today, we received a ransom email. Needless to say, we won’t pay,” Riot Games’ official Twitter account announced.
While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised. 2/7 — Riot Games (@riotgames) January 24, 2023 Stolen Source Code Put Up For Auction Following the disclosure of the cyberattack by Riot Games, a threat actor who goes by the name “Arka” or “ArkaT” posted an ad on a popular criminal forum, Breached, selling the stolen source code of the League of Legends for a minimum of $1 million, which also includes Packman and user mode anti-cheat for League of Legends and Valorant. “League of Legends Source Code Auction! As you know, League of Legends source code has been stolen, confirmed by Riot Games. I’m starting auction for the source code, at starting $1,000,000. ** INCLUDES PACKMAN (USERMODE ANTI-CHEAT FOR LEAGUE OF LEGENDS & VALORANT) **.” The post includes a large PDF that contains a directory listing of the 72.4 GB stolen source code. According to the hacker, cheat makers for League of Legends could end up paying huge amounts for the source code for games and an anti-cheat system, as a threat actor can create cheats or exploits for these games. “This is very valuable for cheat developers, it’s a huge game, I’m sure it would be at every advantage for a cheat developer,” Arka wrote in the forum thread. Indeed, Riot Games too believes that if the source code is leaked, it could result in the spread of new cheats for League of Legends. “Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” the company said in a tweet on Tuesday. “We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward. The League and TFT teams will update you soon on what this means for each game.”