League of Legends, the #1 PC game in the world, suffered a brute force hack that, among other things, revealed salted and hashed password information for many users, as well as encrypted payment information for payments made before July 2011. Affected users will have to change their passwords within the next 24 hours and stronger password criteria will be required.

Due to the fact that passwords and credit card information was suitably encrypted, it is unlikely that users will have their accounts compromised. Nevertheless, a password change is prudent. Props to Riot Games for securing League of Legends by correctly using salting and hashing techniques. You’d be surprised how many companies don’t take these simple steps.

Source(s):

• Important Security Update and Password Reset