Skip to main content

League of Legends exploit opens back door to user accounts


A League of Legends exploit allowing browser access to the game's store as a means to hacking other player accounts, is being addressed by Riot.

According to witness reports on Reddit, the exploit allows users to access the League of Legends store from a web browser rather than the game client. With access to a user's Summoner ID and a session token, the perpetrator is able to make RP and IP transactions on that user's behalf.

A Riot spokesperson acknowledged and addressed the issue in the League of Legends Reddit.

"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," the spokesperson said. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost.

"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."

The exploit can be seen from the victim's point of view in the video below:

Shaun is PC Gamer’s Australian editor and news writer. He mostly plays platformers and RPGs, and keeps a close eye on anything of particular interest to antipodean audiences. He (rather obsessively) tracks the movements of the Doom modding community, too.