Riot Games says it lost the source code to the multiplayer title League of Legends after hackers breached its internal systems last week.
The hackers also stole the source code to another game, TeamFight Tactics (TFT), and the computer code for a “legacy anticheat platform,” Riot Games revealed(Opens in a new window) on Twitter today.
In addition, the hackers sent a “ransom email” to the game studio on the same day, demanding it pay up to keep the source code private. But Riot Games is refusing to submit.
As a result, it’s possible the hackers could publicly leak or try to sell the stolen source code to the highest bidder. However, both League of Legends and TFT are already free-to-play titles. Copyright protections also prevent other game studios from stealing assets for a game.
According to Riot Games, the real threat is the stolen source code giving cheaters a behind-the-scenes look at exploiting the game mechanics. “Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” the company said(Opens in a new window). “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.”
The stolen source code also contains experimental features for the games, but not all of these features may end up in the final product.
So far, Riot Games has only said the hackers managed to infiltrate the company’s systems through a “social engineering attack.” This likely means the attackers duped a company employee into giving up their corporate password or installing malware onto their computer.
Recommended by Our Editors
The incident has temporarily forced the company to delay updates for its games. But in some good news, Riot Games maintains that no user data appears to have been compromised in the hack. The company also expects to repair its ability to release game updates later this week.
“We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again,” the studio added.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.