www.helpnetsecurity.com
Open in
urlscan Pro
54.203.13.2
Public Scan
Submitted URL: https://sl.cloudbees.com/t/8862/c/eefdbad7-ab9b-49f3-a876-589626145f96/NB2HI4DTHIXS653XO4XGQZLMOBXGK5DTMVRXK4TJOR4S4Y3PNU...
Effective URL: https://www.helpnetsecurity.com/2023/01/25/riot-games-breached/
Submission: On July 31 via api from US — Scanned from DE
Effective URL: https://www.helpnetsecurity.com/2023/01/25/riot-games-breached/
Submission: On July 31 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
POST
<form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-244483 mc4wp-ajax" method="post" data-id="244483" data-name="Footer newsletter form">
<div class="mc4wp-form-fields">
<div class="hns-newsletter">
<div class="hns-newsletter__top">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__title">
<i>
<svg class="hic">
<use xlink:href="#hic-plus"></use>
</svg>
</i>
<span>Cybersecurity news</span>
</div>
</div>
</div>
</div>
<div class="hns-newsletter__bottom">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__body">
<div class="row">
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="520ac2f639" id="mcs1">
<label class="form-check-label text-nowrap" for="mcs1">Daily Newsletter</label>
</div>
</div>
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="d2d471aafa" id="mcs2">
<label class="form-check-label text-nowrap" for="mcs2">Weekly Newsletter</label>
</div>
</div>
</div>
</div>
<div class="form-check form-control-lg mb-3">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="28abe5d9ef" id="mcs3">
<label class="form-check-label" for="mcs3">(IN)SECURE - monthly newsletter with top articles</label>
</div>
<div class="input-group mb-3">
<input type="email" name="email" id="email" class="form-control border-dark" placeholder="Please enter your e-mail address" aria-label="Please enter your e-mail address" aria-describedby="hns-newsletter-submit-btn" required="">
<button class="btn btn-dark rounded-0" type="submit" id="hns-newsletter-submit-btn">Subscribe</button>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="AGREE_TO_TERMS" value="1" id="mcs4" required="">
<label class="form-check-label" for="mcs4">
<span>I have read and agree to the <a href="https://www.helpnetsecurity.com/newsletter/" target="_blank" rel="noopener" class="d-inline-block">terms & conditions</a>
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1690817610"><input type="hidden" name="_mc4wp_form_id" value="244483"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1">
<div class="mc4wp-response"></div>
</form>Text Content
searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus * News * Features * Expert analysis * Videos * Events * Whitepapers * Industry news * Product showcase * Newsletters * * * Zeljka Zorz, Editor-in-Chief, Help Net Security January 25, 2023 Share RIOT GAMES BREACHED: HOW DID IT HAPPEN? The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight Tactics) and a legacy anti-cheat platform (Packman) were exfiltrated by the attackers, but said they won’t be paying the ransom. IT ALL STARTED WITH SOCIAL ENGINEERING Last week, Riot Games said that systems in their development environment were compromised via a social engineering attack and promised more details soon. “We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again,” the company said this Tuesday. The operator of malware repository vx-underground has professedly spoken to the attacker, who said they got in by social engineering a Riot Games employee via SMS, that they managed to pivot through the company network and escalate privileges by social engineering a company director, but that they did not deploy malware (e.g., ransomware) on company systems. The attacker also said they have been unable to compromise the Domain Controller and that Riot Games’ SOC team detected their activities in approximately 36 hours. WHAT HAPPENS NOW? Riot Games’ investigation into the breach is underway. It does seem like the attacker did not employ ransomware, but focused on stealing source code to be able to extort money from the company. “While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised,” Riot Games said. “We’ve made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward.” DataBreaches.net reports that the stolen source code has apparently already being offered for sale on a popular online forum. More about * data breach * extortion * online gaming * social engineering Share this FEATURED NEWS * Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) * New persistent backdoor used in attacks on Barracuda ESG appliances * How the best CISOs leverage people and technology to become superstars Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database SPONSORED 3 WAYS WE’VE MADE THE CIS CONTROLS MORE AUTOMATION-FRIENDLY THE BEST DEFENSE AGAINST CYBER THREATS FOR LEAN SECURITY TEAMS SECURITY IN THE CLOUD WITH MORE AUTOMATION DON'T MISS IVANTI FIXES SECOND ZERO-DAY EXPLOITED BY ATTACKERS (CVE-2023-35081) WEB BROWSING IS THE PRIMARY ENTRY VECTOR FOR RANSOMWARE INFECTIONS NEW PERSISTENT BACKDOOR USED IN ATTACKS ON BARRACUDA ESG APPLIANCES HOW THE BEST CISOS LEVERAGE PEOPLE AND TECHNOLOGY TO BECOME SUPERSTARS DATA PRIVACY VAULT: SECURING SENSITIVE DATA WHILE NAVIGATING REGULATORY DEMANDS Cybersecurity news Daily Newsletter Weekly Newsletter (IN)SECURE - monthly newsletter with top articles Subscribe I have read and agree to the terms & conditions Leave this field empty if you're human: © Copyright 1998-2023 by Help Net Security Read our privacy policy | About us | Advertise Follow us ×