"It’s unclear exactly how many users' account details were compromised, but the pan-European coverage suggests it would be large," writes CSO Online's Liam Tung.
According to a security alert posted on Saturday, data accessed included e-mail addresses, encrypted account passwords, character names, dates of birth, and in some cases, users' first and last names and encrypted security questions and answers. No payment or billing information was accessed, according to the company.
"Sadly, Riot Games doesn't actually say when it thinks the breach happened, only that it has now been investigated and reported," notes Sophos' Paul Ducklin. "Nevertheless, the company's notification is, in my opinion, frank and helpful. The article was placed in the Latest News section on the main page of the relevant websites, and states fairly clearly what was stolen, and what was not."
"In addition to apologizing for the breach, Riot Games said it has fixed the security hole that was exploited in this case," writes GameSpot's Brendan Sinclair. "It has also e-mailed those players affected, and is recommending all players change their account passwords."
"Riot Games suggests that players use unique passwords for their League of Legends accounts that are at least eight characters long and a mix of letters, numbers, and special characters," writes PCMag.com's David Murphy. "Players should also be mindful of any new phishing attempts that might be coming through their email as a result of the attack -- watch for unusual emails with links that don't quite seem right, or emails with attachments that came into one's inbox unexpectedly."