Riot Games was recently the target of a security breach which hit their development environment. Because of this, the patch that was expected next week for Legends of Runeterra has been delayed.
Thankfully, this will not hurt the start of the next play season on February 1. As a positive note, the Runeterra team has confirmed that we will be seeing this year's roadmap next week, which should be exciting. Additionally, here's what you should know about the breach:
- Riot is confident no player or personal data was obtained during the breach.
- Riot was compromised by a social engineering attack.
- A ransom was sent to Riot and they are not going to pay it.
- All the teams are temporarily unable to release content to games.
- League of Legends, Teamfight Tactics, and a legacy anticheat all had their source code stolen.
- Some of the source code contains experimental features that we may never see in LoL or TFT.
Read on for all of Riot's announcements regarding the Runeterra patch delay and the breach.
Runeterra Patch Delay Announcement
Hey LoR Community, we wanted to let you know that the patch previously planned to release next week has been pushed into February. This delay will not affect our current Ranked Season, which is still slated to end Feb 1st.
We'll keep you posted with any updates as our team continues to work on getting new content to you all as soon as possible.
You can expect the Roadmap and a detailed competitive overview article to drop next week.
The Breach Announcement - Jan 20
Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.
Unfortunately, this has temporarily affected our ability to release content. While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games.
Please be patient with us as we work through this, and we’ll keep you posted as we continue our investigation.
The Breach Follow-up - Jan 24
As promised, we wanted to update you on the status of last week’s cyber attack. Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers.
Today, we received a ransom email. Needless to say, we won’t pay. While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.
Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.
The illegally obtained source code also includes a number of experimental features. While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released.
Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it.
We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again.
We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward. The League and TFT teams will update you soon on what this means for each game.