Riot Games breached: How did it happen?
The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game.
The company has also confirmed that source code for TFT (Teamfight Tactics) and a legacy anti-cheat platform (Packman) were exfiltrated by the attackers, but said they won’t be paying the ransom.
It all started with social engineering
Last week, Riot Games said that systems in their development environment were compromised via a social engineering attack and promised more details soon.
“We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again,” the company said this Tuesday.
The operator of malware repository vx-underground has professedly spoken to the attacker, who said they got in by social engineering a Riot Games employee via SMS, that they managed to pivot through the company network and escalate privileges by social engineering a company director, but that they did not deploy malware (e.g., ransomware) on company systems.
We are currently speaking with the individual responsible for the breach on Riot Games.
They have informed us they have also stole Riot Games anti-cheat, Packman. Packman is the anti-cheat for both Valorant and League of Legends. pic.twitter.com/3jtAAhKWp0
— vx-underground (@vxunderground) January 25, 2023
The attacker also said they have been unable to compromise the Domain Controller and that Riot Games’ SOC team detected their activities in approximately 36 hours.
What happens now?
Riot Games’ investigation into the breach is underway. It does seem like the attacker did not employ ransomware, but focused on stealing source code to be able to extort money from the company.
“While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised,” Riot Games said.
“We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward.”
DataBreaches.net reports that the stolen source code has apparently already being offered for sale on a popular online forum.