Hackers auctioning alleged source code for Riot Games' League of Legends and Packman anti-cheat software on hacking forum after recent hack
Riot Games, the developer behind the popular online game League of Legends, has suffered yet another cyber attack, with the alleged source code for the game and the company's anti-cheat software Packman being put up for auction by the hackers. This marks the third major incident for the company in recent months, raising concerns about its ability to protect its data and players' personal information.
Last Friday, Riot Games disclosed that its development environment had been hacked, allowing threat actors to steal source code for League of Legends (LoL), Teamfight Tactics (TFT), and the company's Packman legacy anti-cheat platform. In a conversation with security research group VX-Underground, the threat actors stated they gained access to Riot Game's network after performing a social engineering attack over SMS on one of the company's employees. The threat actors claimed they had access to the development network for thirty-six hours until they were detected by the company's security operations center (SOC).
Yesterday, the company confirmed they had received a ransom note from the threat actor and said they would not be paying a ransom. Vice.com obtained this ransom note, which demanded $10 million to prevent the stolen data from going public.
However, last night, the threat actor behind the attack began selling the alleged source code for League of Legends and the legacy Packman anti-cheat platform on a popular hacking forum. The forum post includes a link to a thousand-page PDF document that they claim contains a directory listing the 72.4 GB of stolen source code. BleepingComputer reviewed this document, and it does appear to be a source code listing for software associated with Riot Games.
The threat actor says they are selling the League of Legends source code and Packman for a minimum of $1 million. However, they told BleepingComputer that they would be willing to sell Packman by itself for $500,000.
Riot Games source code sold on hacking forums
The main concern regarding the stolen source code is that it could be used to create cheats or exploits to target the game and its players. Other threat actors could also use the source code to potentially create exploits that allow remote code execution on players' devices.
"Truthfully, any exposure to source code can increase the likelihood of new cheats emerging. Since the attack, we've been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed," tweeted Riot Games.
It is not uncommon for hackers to auction off stolen data, but it is rare for it to be source code for a popular online game like League of Legends. This is the third major cyber attack to hit Riot Games in the past two years. In 2019, Riot Games suffered a data breach that exposed the personal information of its players. In 2020, the company's European servers were hit with a DDoS attack that caused widespread disruption.
The question remains, will anyone actually purchase the alleged source code for $1 million or more? Only time will tell, but one thing is for sure, the stakes are high for Riot Games and its players. The company must continue to take aggressive steps to protect its network and players from cyber threats.
In a statement provided to Vice, a Riot Games spokesperson said: "We can confirm that a subset of our source code, related to our older legacy anti-cheat software, was accessed. We want to be clear that the most recent version of our anti-cheat software, Riot Vanguard, was not impacted by this incident. We have already made updates to our systems that address the issue."
The spokesperson added: "As a precautionary measure, we have temporarily disabled all external access to our network while we investigate the incident and take steps to strengthen our network security further."
It is likely that the company will face legal action over the incident, as well as potential fines if personal data was exposed in the hack. The company's reputation and the trust of its players will also be at risk.