League of Legends exploit opens back door to user accounts
A League of Legends exploit allowing browser access to the game's store as a means to hacking other player accounts, is being addressed by Riot.
According to witness reports on Reddit, the exploit allows users to access the League of Legends store from a web browser rather than the game client. With access to a user's Summoner ID and a session token, the perpetrator is able to make RP and IP transactions on that user's behalf.
A Riot spokesperson acknowledged and addressed the issue in the League of Legends Reddit.
"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," the spokesperson said. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost.
"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."
The exploit can be seen from the victim's point of view in the video below:
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Shaun Prescott is the Australian editor of PC Gamer. With over ten years experience covering the games industry, his work has appeared on GamesRadar+, TechRadar, The Guardian, PLAY Magazine, the Sydney Morning Herald, and more. Specific interests include indie games, obscure Metroidvanias, speedrunning, experimental games and FPSs. He thinks Lulu by Metallica and Lou Reed is an all-time classic that will receive its due critical reappraisal one day.
Valve is adding an 'extra competitive' option to Deadlock that'll make matches harder, but only because everyone in this mode refuses to speak
As Viktor mains rage over their fave being hit with the Arcane twink ray, Riot quietly tinkers with controversial skin reworks on the League of Legends test server