Riot Games, the maker of the popular multiplayer online games Valorant and League of Legends, has announced that it was hit by a cyberattack in mid-January 2023. Thankfully, the attackers did not harm data from LoL accounts. The attack on its development environment included the theft of the source code of Teamfight Tactics and League of Legends, along with the legacy anti-cheat platform. Now, the hackers behind the recent assault have announced that they will auction off the source code of some of Riot’s popular games unless the company decides to pay the ransom.
No Player Information Was Harmed In the Process
Thankfully, the hacker harmed no personal information or player data in the attack. However, the source code stolen for each game included “experimental” features that Riot Games was not ready to share with the world. The company also stated that its primary concern regarding the lost source code lies in the likelihood of new cheats surfacing. If the source code were to be released by the attackers—whether through a sale or publicly—it could have implications for cheat software. Riot acknowledges this by saying that this could potentially cause issues in the future.
Since the attack, they’ve been trying to deploy fixes as quickly as possible. Currently, Riot is working with its consultants, security team, and law enforcement to investigate the attack and its perpetrators.
A Ransom Note
The company received a ransom note from the hackers, who demanded $10 million to stop them from releasing the stolen data publicly. Based on a copy of the ransom mail Vice’s Motherboard received, the hackers wanted the $10 million in exchange for not leaking the code. Riot Games had a deadline of 12 hours after receiving the note to respond, but in the end, the company refused to pay the sum.
After 12 hours, the ones behind the attack began selling the alleged source code for the anti-cheat platform and League of Legends on a hacking forum. They’re selling the legacy anti-cheat and LoL’s source code for a minimum of $1 million. The post includes a link to a PDF document with thousands of pages that the user claims contain the directory listing of the stolen source code. BleepingComputer, a website dedicated to technology news and cybersecurity, reviewed the document and stated that it does appear to be the stolen code for software associated with Riot Games.
How Did the Hackers Do It?
Based on an interview done by VX-Underground, a security research group, the anonymous actors stated that they were able to gain access to Riot Games’ network after carrying out a social engineering attack via SMS on one of the company’s employees.
The hackers then claimed that through this method, they had access to Riot’s development network for over 36 hours until the company’s security operations center (SOC) detected them. According to the ones behind the attack, their goal was to steal the source code for Riot Vanguard, the anti-cheat software used by Riot Games for their online multiplayer titles. The hackers did not divulge their reason for stealing Riot Vanguard.
Are the Source Code and Anti-Cheat Worth $1 Million?
The main concern Riot Games has with the stolen source code is that someone could use it to create exploits or cheats that could target their players and games. The code mainly makes it easier for the developers to find bugs, but it’s also possible for hackers to reverse engineer it with little cost. Right now, only time will tell whether it’s worth $1 million to other threat actors or developers specializing in cheats.
Source code leaks have become increasingly common in modern game maintenance and development. At the very least, hackers making use of them are less frequent. Other companies that have experienced this kind of attack include Valve and CD Projekt Red. CD Projekt Red, in particular, was hit with a ransomware attack in 2021, in which the source code for The Witcher 3, Cyberpunk 2077, and Gwent was exfiltrated. Luckily for them, no threats or exploits emerged from it, since the company mainly makes single-player games, with Gwent being an exception since it’s an online deck-builder title, making it a target for malware.
Riot Games Delays Adjustments
Because Riot Games is dealing with the mess, the developers have stopped releasing content for Teamfight Tactics and League of Legends as they’re working to secure the system. Riot expects a fix to be implemented in the coming weeks, and patch updates will resume. The company posted on Twitter that the “big stuff” for the two games is being moved to February 8, so players with PBE accounts will have to wait until then to get significant updates for their favorite title.