A League of Legends exploit allowing browser access to the game's store as a means to hacking other player accounts, is being addressed by Riot.
According to witness reports on Reddit, the exploit allows users to access the League of Legends store from a web browser rather than the game client. With access to a user's Summoner ID and a session token, the perpetrator is able to make RP and IP transactions on that user's behalf.
A Riot spokesperson acknowledged and addressed the issue in the League of Legends Reddit.
"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," the spokesperson said. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost.
"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."
The exploit can be seen from the victim's point of view in the video below: