'League Of Legends' Merch Site Exposed Private Data

Riot Games launched a new event called “Welcome To The Jungle” on its merchandise website yesterday, but the team ran into what it called a “platform issue” that potentially exposed crucial user information. However, the issue was fixed a few hours later.

The announcement was made on Facebook via the Riot Games Merch page. Christian Bayley, a member of the online merchandise team, wrote that the exposure wasn’t the result of an outside breach but rather a “legacy code issue” between the two versions of the website. When the new merchandise site launched, those at the checkout portion of their purchase potentially saw information about other players who were buying items on the online store at the same time. This included their real name, phone number, mailing address, past orders, the last four digits of their credit card (if it was used to make a purchase), or other methods of payment, such as PayPal.

The company said that information of a “few hundred people,” specifically players in the E.U., was exposed in two three-minute windows between 10:45am and 11:30am PT. If you weren’t online during this period, your account wasn’t exposed. Riot also reassured customers by mentioning that its site doesn’t store your full credit card or banking information. Email addresses are also partially hidden during your purchase.

Fortunately, Riot was able to fix the problem before the site relaunched at 1pm PST yesterday. Riot will reach out to each player affected by the issue within the next 48 hours. If you have any questions or if you believe your information was affected because of this issue, you can send a message to Bayley and the team at wttj-bug-rg@riotgames.com.