The alleged hacker behind the Riot Games breach is now trying to auction off the source code for the game League of Legends and is taking bids starting at $1 million.
The hacker, who goes by the name “Arka” or “ArkaT,” posted the sale on a popular forum that traffics in stolen databases. As proof that the sale is real, the hacker posted a large PDF file that shows all the directories and folders they allegedly stole from Riot Games.
Based on the PDF, the hacker looted at least 72GB of data from the company. In addition, Arka claims to have taken files concerning “Packman,” an anticheat platform for League of Legends.
The hacker is hoping cheat makers for League of Legends, a competitive esports title, will end up paying big bucks for the source code, which could reveal vulnerabilities and loopholes in the game mechanics. “This is very valuable for cheat developers, it’s a huge game, I’m sure it would be at every advantage for a cheat developer,” Arka wrote in the forum thread.
Indeed, Riot Games itself predicts the source code, if leaked, could result in the circulation of new cheats for League of Legends. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” the company told the public yesterday.
Arka declined to comment on the hack to PCMag. But according(Opens in a new window) to Motherboard, the hacker sent Riot Games a ransom note asking for $10 million to prevent the leak of the source code. However, the game studio is refusing to pay.
Recommended by Our Editors
Arka also appears to have told(Opens in a new window) VX-Underground, a site that tracks cybercriminal activity, that they managed to breach Riot Games by “social engineering” an employee using SMS text messages. This likely means Arka sent a phishing message to the victim employee that tricked them into handing over their login credentials.
Riot Games didn’t immediately respond to a request for comment. But the company has said the hacker only stole computer code for a “legacy anticheat platform.” The game studio plans on providing more details about the breach, including the hackers’ techniques, in the future.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.