Modernizing Authentication — What It Takes to Transform Secure Access
Game developer Riot Games recently warned North American players of the game League of Legends that their user names, e-mail addresses and salted password hashes had been accessed by hackers, along with some first and last names (h/t Graham Cluley).
120,000 transaction records from 2011 that contained hashed and salted credit card numbers were also accessed. "The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then," the company said in a statement. "We are taking appropriate action to notify and safeguard affected players."
Riot Games is now requiring all players with accounts in North America to change their passwords, and is currently working to add e-mail verification and two-factor authentication to all accounts.
European players of the game were hit by a similar breach in June of 2012.