League of Legends exploit opens back door to user accounts


A League of Legends exploit allowing browser access to the game's store as a means to hacking other player accounts, is being addressed by Riot.

According to witness reports on Reddit, the exploit allows users to access the League of Legends store from a web browser rather than the game client. With access to a user's Summoner ID and a session token, the perpetrator is able to make RP and IP transactions on that user's behalf.

A Riot spokesperson acknowledged and addressed the issue in the League of Legends Reddit.

"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," the spokesperson said. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost.

"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."

The exploit can be seen from the victim's point of view in the video below:

Shaun Prescott

Shaun Prescott is the Australian editor of PC Gamer. With over ten years experience covering the games industry, his work has appeared on GamesRadar+, TechRadar, The Guardian, PLAY Magazine, the Sydney Morning Herald, and more. Specific interests include indie games, obscure Metroidvanias, speedrunning, experimental games and FPSs. He thinks Lulu by Metallica and Lou Reed is an all-time classic that will receive its due critical reappraisal one day.