Riot Games has refused to pay ransom for the theft League of Legends source code, the company said on January 24. The Los Angeles-based studio recently fell victim to a major hack that delayed it League of Legends updates as a precaution.
Riot first communicated news of the attack last Friday, while still investigating the extent of the breach. The company said it decided on an early disclosure to reassure fans that there is no indication that the hackers were able to obtain player data or personal information.
After a security audit, Riot determined that the hackers were able to steal the source code for League of Legendscompetitive auto-battles Teamfight tactics, and one of its old anti-cheat systems. The social engineering attack was aimed at the company’s development environment, so the parties behind it were presumably able to get away with uncompiled, and thus easily readable, C++ source files. Riot received a ransom email on January 24, but has no intention of giving in to the attackers’ demands, the studio revealed on Twitter.
Given how source code exposure has the potential to facilitate the emergence of new cheats, the developer is now closely monitoring the situation and has prepared to handle a potential influx of new player hacks with hotfixes. The fact that Riot had to divert resources to strengthen its anti-cheat measures likely played a role in the decision to delay major Teamfight tactics and League of Legends updates. The company also revealed that the stolen files contained some experimental features that are not guaranteed to be released, but could be leaked now that their source code is out in the wild.
Riot expects to resume its regular League of Legends and Teamfight tactics update the development cycles by the end of the week. Valorant appears to have been unaffected by the cyber attack. The Tencent-owned company says it has already been notified and is cooperating closely with the police authorities who started the investigation into the group behind the attack. It also promised to publish an in-depth report detailing the hackers’ techniques and “areas where Riot’s security controls failed,” as well as all the steps it is taking to make sure something like this doesn’t happen in the future.
Between the recently disclosed cyber attack and the recent backlash above League of Legends Season 2023 cinematically, Riot isn’t exactly having the best start to the year. Despite this, its transparent approach to handling the fallout of the hack appears to follow security best practices to a T, indicating that the company has a firm grip on the situation.
MORE: League of Legends’ new champion Nilah establishes an interesting pattern in ADC design