Riot games has admitted via its official site that unfortunately, a portion of its North American user base, has had their account details exposed in what we can presume was some sort of hack. However, Riot never explicitly states this, saying that instead data was “compromised,” so either it's avoiding saying the word hacker, or potentially there could have been some sort of slip up at its end.
It seems unlikely we'll ever know, but fortunately Riot isn't one of those companies that simply puts good faith in the human spirit and instead had passwords stored as salted hashes; so those that were “compromised” aren't too revealing. However, along with these passwords, usernames and email addresses were also revealed, as well as some first and last names.
Worst of all perhaps, is that some credit card transaction records from 2011 were also compromised, though again, all financial information was salted and hashed – so that's something at least.
As you might expect, Riot is emailing everyone directly affected by the maybe-hack, to let them know their credit card details are at risk. It's also going to force all North American players to change their password within the next 24 hours.
On top of that Riot is adding some new security measures, including email verification for new registrations and account changes, and two factor authentication that will require a mobile SMS message response to major email or password alterations.
It also apologised for the situation and pledged to improve security moving forward.
KitGuru Says: Not much to complain about here. It's a shame it happened, but Riot had the important information encrypted, it's apologised and most importantly, it didn't try to hide that it happened. Can't really ask much more from a developer, can you?
[Thanks Kotaku]