Security Update Discussion

First Riot Post
Comment below rating threshold, click here to show it.

SocialJusticeBLM

Junior Member

08-20-2013

Quick request as far as the two factor authentication goes: any chance of implementing TOTP in addition to the email/SMS? There's plenty of clients that can handle the protocol already, so it's not like you'll need to create a LoL-specific app.


Comment below rating threshold, click here to show it.

falkenjeff

Senior Member

08-20-2013

Why is Jason, the hacker, still allowed to play the game and post on the forums?

Why am I allowed to chat with him in the game?

And he's been using the same account for several days (PVP), even though he could get a new one if you tried to ban him. But why haven't you even tried? You're letting him run rampant.


Comment below rating threshold, click here to show it.

Thunder God Olaf

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

Hi Riot staff and employees

I am not happy with the fact that our info was compromised, I am however extremely pleased have not tried to cover it up, Dont see this as a dark day Riot, Rather a turning point where a business can actually still be honest and still do extremely well.

As far as i'm concerned You guys have done an excellent job I'm sorry things happened on your end but with the level of honesty in revealing it to us, makes me feel safer at night knowing that you guys are being truthful as well as trying even harder to keep out accounts and stuff safe.

Thanks for being an awesome company even when things get tough.


Comment below rating threshold, click here to show it.

HellFireGuardian

Junior Member

08-20-2013

i can't even update league at all it was running fine earlier today but ever since this latest update. Do not know if it is just me. But it downloads then stays at 99% for step 1 and will not go past that. Do not wat else to do


Comment below rating threshold, click here to show it.

Kalasen

Senior Member

08-20-2013

Quote:
Originally Posted by TheRealGematria View Post
For the record, "salted password hashes" aren't unreadable. That implies that they can't decrypt them. Which I can assure you they have as my email was accessed as well. I've spent the last 1.5 hours changing passwords, even those that weren't similar. I'm sick of software developers leaving themselves vulnerable. Get it together, hire a better auditor, this is absurd.
Yeah. If the hackers have an encrypted file, it's only a matter of time and machine power before it's cracked. It's basically the difference between putting in a random password to a web page and asking "is this right?" once every minute and getting locked out if you guess wrong too many times... and being able to ask a million times per second with no lockout. Not exactly how it works, but you get the picture. Whatever they were able to access should be seen as readable, even if it takes them a couple days to get the encrypted files readable.

Riot's been dropping the ball lately. Missing deadlines by double the expected production time I can handle, occasional server lag spikes meh, but a massive security breach in which everyone has to reset account passwords is a big deal. Some of us don't use randomized passwords for everything on the internet we set an account up with. Have to go change some other things I used the same password as LoL with.


Comment below rating threshold, click here to show it.

Steven Mcburn

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

So this happened because they changed the forums right?


Something that they didn't need to do and had all the time in the world to make sure was right?



........


Comment below rating threshold, click here to show it.

Kalasen

Senior Member

08-20-2013

Quote:
Originally Posted by Steven Mcburn View Post
So this happened because they changed the forums right?


Something that they didn't need to do and had all the time in the world to make sure was right?



........
I doubt it, this runs deeper than that. They were able to crack red accounts and break into players' actual game accounts to do with as they wish, got email names of the related account too I'm pretty sure I read. Everything short of credit card info - though they did get the equivalent of receipts on purchases.


Comment below rating threshold, click here to show it.

illeatyourfamily

Junior Member

08-20-2013

how will we know if our account is in jeopardy?


Comment below rating threshold, click here to show it.

Briars

Junior Member

08-21-2013

i changed my password and i am unable to log in now


Comment below rating threshold, click here to show it.

Slaidz

Member

08-21-2013

So, what about this supposed hacker?