As a preventive measure, all North American users will be forced to change their account passwords to stronger ones, Merrill and Beck said in the blog post.
However, this mandatory password reset decision seems to have been extended to also include, at the very least, players on the European West (EUW) and EU Nordic & East (EUNE) servers, with password reset notices being posted on the regional websites corresponding to those servers.
Riot Operates separate LoL gameplay servers and websites in several regions, including North America, Latin America, Western Europe, Northern and Eastern Europe, Russia, Turkey and Oceania.
European LoL players have been affected by an incident that resulted in hackers accessing their account information, including password hashes, before, in June 2012. The company did not enforce mandatory password resets for all users at the time, but advised them to change their passwords to something stronger, noting that more than half of the affected password hashes corresponded to simple passwords and were at risk of easy cracking.
Following this new incident, the company plans to implement additional account security features, including email-based validation of changes to password and contact information, and two-factor authentication, Merrill and Beck said.
Last October, Riot said that League of Legends had around 70 million registered users, 12 million of whom were active on a daily basis. In March 2013, the company said that the game regularly exceeds five million peak concurrent players globally.
Sign up for Computerworld eNewsletters.