Security Update Discussion


NightFire666

Senior Member

08-20-2013

Quote:
Originally Posted by Jiggybuns View Post
Hi, I'd love to know when my account is going to get moved back to NA from LAS after the "hacker" transferred me there for getting mouthy with him on the forums.

Every person who posted on the forums is as much at risk as I was, so I assume you're taking this matter very seriously. What are you doing to prevent this access in the future?

Probably nothing, it's not hard to hack League since the last time they updated the security was when Yi was initially released.



NA Darklarik

Senior Member

08-20-2013

Quick question, I'm in LAS Server, will we ever get Phone Code security checkups for password change? I have this for my email, but would love to do it for LoL; my password is very complex (so much so I had to write it down), but just in case...



Jayarrrrr

Member

08-20-2013

Quote:
Originally Posted by Skyhawke View Post
Please read the post I quoted. That is the post I was replying to. Don't make blanket statements "Riot chooses not to say ANYTHING" when what you just stated here in the quotes is more accurate.
How are these two statements different in any way besides the obvious bias you have towards the statement in general because it isn't purposefully nomnomnoming on Riot's genitalia?

Quote:
Please read the post if you are going to reply to it. This was not done until several DAYS had passed, and several hundred threads/players were banned, muted, moved, edited, etc. already.
Quote:
Because it took them several DAYS to come out with an official announcement that said "we are aware of the situation" and that was it. Prior to this thread being posted, several people were banned, and hundreds of threads were deleted regarding the matter, giving the feeling of Riot trying to sweep the whole matter under the rug. It is just horrible customer support/HR and Riot has been known for that since I started playing. This company has a great game, however they apparently do not know how to handle the aspect of proper and adequate community interaction.
Looks pretty much identical to me.



Master Yi is UP

Senior Member

08-20-2013

Well, this has been pretty much confirmation of my "conspiracies"

Thank you Chager.



CQCSnake

Senior Member

08-20-2013

Why did I have to find out about this security breach from other websites first?? I should have been emailed immediately. Also, when I came to leagueoflegends.com I didn't see any sort of urgent alert. I came here to verify if the hack was true and I thought it was fake until I scrolled down more than halfway on the main page. RIOT please be more responsible and make sure this password change issue is the first thing anyone sees when they come on this website!



Gankator

Junior Member

08-20-2013

I'm in a game right now, and because of problems had to re-open the client to this update. So now going to get me a leave. I hate the timing of these updates..



Frosted Inferno

Junior Member

08-20-2013

So wait, let me get this straight. You guys are trolling us by taking forever with Lucian AND we get our info stolen? Good job Riot.



Particicutor

Junior Member

08-20-2013

Riot, I have two questions:

1. How strong was the original hashing scheme? How many bits of entropy were in the salts? Did you use an actual key derivation function or did you just SHA1(password + salt)?
2. More importantly, how strong is the hashing scheme now? Does it use a state-of-the-art algorithm like scrypt?



Weazyritzstrket

Senior Member

08-20-2013

Quote:
Originally Posted by Chager View Post
@FrozenXylaphone - because the folks that crafted the message know best I'm going to quote this directly from the news post

"What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft."
This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft. RIOT LOGIC
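
The two posts above turn on the same point: a salt makes each stored hash unique but does not slow guessing, while a key derivation function such as scrypt raises the cost of every guess. An added example (not from the thread or from Riot; the scrypt parameters, the constructed password list and all function names are assumptions) that stores a password both ways, audits records against common passwords, and measures per-guess cost:

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: a tiny "common passwords" list for the audit.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]

def sha1_salted(password, salt):
    """Weak scheme named in the question: one fast SHA-1 pass over password + salt."""
    return hashlib.sha1(password.encode() + salt).digest()

def scrypt_kdf(password, salt):
    """Memory-hard KDF. n=2**14, r=8, p=1 are assumed parameters (~16 MiB per call)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def make_record(password, kdf):
    """Return (salt, hash) using a fresh 128-bit random salt per account."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def verify(password, record, kdf):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(kdf(password, salt), stored)

def audit_guessable(record, kdf, wordlist=COMMON_PASSWORDS):
    """Defender's audit: True if the stored hash matches a common password.
    The salt is stored beside the hash, so it never prevents this check."""
    return any(verify(word, record, kdf) for word in wordlist)

def seconds_per_guess(kdf, rounds=3):
    """Average wall-clock cost of one hash computation under the given scheme."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        kdf(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    for name, kdf in (("sha1(password+salt)", sha1_salted), ("scrypt", scrypt_kdf)):
        weak = make_record("qwerty", kdf)
        strong = make_record("x9!Lr#vT2q-unique-passphrase", kdf)
        print(f"{name}: weak flagged={audit_guessable(weak, kdf)}, "
              f"strong flagged={audit_guessable(strong, kdf)}, "
              f"{seconds_per_guess(kdf):.6f} s/guess")
```

Under either scheme the guessable password is flagged and the long random one is not; what changes is the cost per guess, which is what decides how many accounts fall to a large wordlist.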



falkenjeff

Senior Member

08-20-2013

Will you be notifying the credit card companies directly?

1) Why don't you directly notify the credit card companies, and have them cancel the cards on their end? My card got "compromised" by some unstated reason and my Mastercard company issued me a new one without telling me why. A game as big as LoL should warrant the same action that they take when a convenience store or something similar gets compromised. This also saves you if people have invalid email addresses on file, but still use those old cards, as the credit card company will deal with it directly.

2) Yes, the cards are hashed, but I'm sure the script kiddie who stole them can hire someone more skilled to crack them, since cracking those produces REAL MONEY for the hackers.

3) I'd also like to say that you guys handled this whole situation VERY poorly. This has been going on for 1 or 2 weeks now? And you just NOW admit what really happened and what is compromised? Players have been directly talking to this hacker, and the bad PR is EVERYWHERE, especially when you were trying to cover it all up and keep it hush hush.