ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

League of Legends Data Breach

leagueoflegends.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 339,487
Breach date 11 Jun 2012
Added to tracker 28 Jul 2018
Data classes 3

What happened

In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords. In 2018, a 339k record subset of the data emerged with email addresses, usernames and plain text passwords, likely cracked from the original cryptographically protected ones.

Exposed data

Email addresses Passwords Usernames

Recommended actions

  • Change your League of Legends password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing League of Legends โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP