Alleged Stolen League of Legends Code Auctioned
Written by Karolis Liucveikis on
Riot Games, the video game developer behind the ever-popular League of Legends, announced on January 20 that it had been hacked. Following the hack, the company received a ransom demand for the return of source code stolen during the hack, and the threat actors have since placed the allegedly stolen source code up for auction.
Game developers have long been a favored target for several financially motivated threat actors, with EA, Ubisoft, and CD Projekt Red suffering cyberattacks, data breaches, and, in CD Projekt Red’s case, ransomware in recent memory.
Reports regarding the attack began being published shortly after the announcement by Riot Games on Twitter. The initial announcement read,
“Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.”
It was further noted by Riot Games that the incident would have a significant impact on the upcoming releases the game developer had planned, also stating,
“Unfortunately, this has temporarily affected our ability to release content. While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games.”
Four days after Riot Games announced that it had been hacked, they announced that the threat actors were attempting to extort Riot Games for the source code allegedly stolen in the attack. Riot Games stated,
“Today, we received a ransom email. Needless to say, we won’t pay. While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.”
According to Motherboard, who have seen a copy of the ransom note, the threat actors are demanding 10 million USD not to release the stolen source code. In the ransom note, the threat actors claim they stole data about the anti-cheat software the company employs to prevent players from using malware to cheat.
Further, they claim that they have stolen the entire code base for the game League of Legends. The threat actors provided two large PDFs as proof they had the source code they claimed to have stolen. The threat actors also opened a Telegram channel to facilitate communications with Riot Games employees.
Threat Actors Try Auction of Allegedly Stolen Data
A day after Riot Games confirmed that they would not be paying the ransom demanded, Bleeping Computer reported that the threat actors had put the stolen data up for auction on an underground hacker forum.
The post announcing that the data would be sold off to the highest bidder stated that both the anti-cheat software, called Packman, and the League of Legends source code are up for sale.
The threat actor says they are selling the League of Legends source code and Packman for a minimum of 1 million USD. However, they told BleepingComputer that they would be willing to sell Packman by itself for 500,000 USD.
It is further claimed that the stolen data amounts to 72.4 GB. At the time of writing, Bleeping Computer could not verify the veracity of the source code.
Moving to one side the question of the authenticity of the code, any potential buyer would have to ask themselves if the code is worth 1 million USD. The main value of the source code would be for cheat creation.
A suitably skilled programmer could write code that would bypass the current anti-cheat software. These cheats could then be sold to less scrupulous gamers who believe in the pay-to-win mantra above all else.
The release of any kind of source code can result in threat actors developing exploits that can be used to gain access to an unknowing player's computer or device with the game installed on it.
This does pose a certain amount of risk to both player and company, but it still ultimately boils down to whether the buyer can get more than a million dollars out of their purchase just to generate some profit. Even if the anti-cheat code is sold off at 500,000 dollars, it is a significant capital outlay and still requires a not insignificant amount of work to turn into something that can be sold.
Also, a question a state-sponsored threat actor will have to ask before they consider putting in an offer is how valuable the information they can steal from your average League of Legends player is.
With that said, it is felt that Riot Games should be commended for how they have responded to the data breach. Nobody wants a data breach to occur, and no matter how secure the IT infrastructure is, one can still occur. Riot Games has been forthright in informing their community as to what happened and what the impacts will be.