The attackers behind a recent assault on Riot Games have announced they are auctioning off the source code used for some of the company’s most famous games.
The company behind one of the world’s most popular MOBA games – League of Legends (LoL), had recently confirmed it had received a ransom note for the stolen source-code, but publicly announced it had zero intention of paying said ransom.
Reports had claimed that the crooks demanded $10 million in exchange for the stolen material.
During the breach, which allegedly lasted for 36 hours, the attackers managed to obtain the source code for League of Legends (LoL), Teamfight Tactics (TFT), and Packman – a legacy anti-cheat solution.
The incident forced Riot to postpone some of the upcoming patches for the games, but stated that other than that – no harm was done, and user data was secure.
After the ransom offer was vehemently declined, the crooks went to a “popular hacking forum”, and placed the data on auction.
LoL source code and Packman are being auctioned off for a minimum of $1 million. Packman itself, BleepingComputer found, is being offered for $500,000.
In the forum ad, there is a PDF file attached, holding a directory listing of 72.4GB of the stolen source code. The file itself is some 1,000 pages long, it was said. While the media did get a hold of the file, its authenticity is hard to confirm at this time.
Given the price tag, it’s safe to assume that the attackers believe the source code to be valuable.
It had previously been reported that the data could be used to create cheats for the game, allowing some people to get the upper hand in combat. Whether that’s enough to warrant a $1 million price tag, remains to be seen. BleepingComputer also says it’s possible to use the source code to create malware that can execute code on player endpoints (opens in new tab), remotely.
“Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” Riot said. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.”
Via: BleepingComputer (opens in new tab)