Riot Games Security

You put a lot of trust in us when you hand over your info, and we don’t take that for granted. Keeping your data safe is a priority for us, so we have teams across security, engineering, and communications that work to protect you. We strive to be as transparent as possible when it comes to our security efforts to help you stay informed and take action when needed. We’ll continue to update this page to include all relevant security-related info, past and present.

When you give us your info and your payment information, we mainly use it to verify your account, give you the content you want in game, or improve your overall experience. And we only share it with third parties in limited circumstances when it serves to provide players with additional services and a better overall experience. We comply with local, state, and federal agencies of various countries as required by law, when we deem it protects players more than not cooperating, or when we need to protect the live service, Riot assets or Rioters. For more information on how Riot stores and uses your data, please see our Privacy Policy.

All government requests for data should be sent to info@riotgames.com.

For issues with your account, head over to the Player Support page. If you want to report a security vulnerability, read more here

Here’s what you need to know:

 

Return to this page and the @riotgames Twitter for the latest need-to-know information about Riot Games security.

 

Security standards and technology are constantly evolving, and the Riot team that works to keep player data safe evolves along with them. We prioritize the player experience, so we invest heavily in DDoS prevention, anti-cheating, and player account data backup. Even with these consistent efforts, there may be a time when your information becomes jeopardized. In these situations, this page will have the latest info.

While we strive to be as transparent as possible, communication around security issues sometimes take time because we need to analyze the issues and clean up the problem before sharing. This is a security best practice that protects you. We also have to comply with various country laws and bank regulations that can slow down our desire to share info with you sooner. And sometimes it just takes time to fully understand what happened, and we’re required by law and our own code of ethics to ensure we fully understand the facts before we share them.

We’ve recently announced a few new security features that’ll improve your account safety:

Stronger password requirements:

All players with accounts in North America were recently forced to change passwords to more complicated passwords that are harder to guess, and we’ll continue to evolve these standards going forward. Players in most other regions around the world will be required to follow these new, stricter password standards if you create a new account or attempt to change your existing password. 

Required email verification:

All new registrations and account changes will need to be associated with valid email addresses. If you registered prior to this change, you’ll now be required to provide a valid email address. 

Coming soon

Two-factor authentication:

Any change you make to account email or password will require verification via email or mobile SMS.

We are also working on getting sensitive player data into the hands of third parties who specialize in holding sensitive data, so your info will soon be even more secure. 

 

Don’t get caught!

Phishing scams are serious business and even the savviest interwebs citizens can get caught. Phishing attempts can come from lots of places: email, social media, text messages and more. The best way to not get phished is to know when and where you’ll hear from Riot – it’ll only be here on riotgames.com, on our official @riotgames twitter or in an official Riot Games email. Riot Games emails will come from one of the following domains. If it’s coming from somewhere else, it’s not us

  • @riotgames.com (emails directly from Rioters)
  • @email.riotgames.com
  • @email.leagueoflegends.com
  • @riotgames.zendesk.com

In the past we’ve used the following domains, but we no longer use them:

  • @e.riotgames.com
  • @e.leagueoflegends.com
  • @leagueoflegends.com

The most common League of Legends phishing scams are those that claim to give you free RP if you download a program (malware) or if you enter your login information on a site. Riot’ll never do this, so don’t fall for it. Also, beware of sites that look like leagueoflegends.com, but are actually fake sites.

Protect your IP address

Why is this important?

Riot Games doesn’t share your IP address without your consent, except when necessary to provide you with the best possible player experience, or in other situations when we’re legally required. However, a determined troublemaker might be able to marry IP data garnered from another online service with your summoner name. 

The combination of your summoner name and your IP address could be used for all sorts of mischief. IP addresses can be correlated to physical location or used to flood a player’s network connection with bogus traffic for the purpose of disrupting their gaming experience.

How do I protect myself?

Your IP address can be publicly exposed through a variety of online activities, including peer-to-peer programs that enable file sharing and VOIP phone calls.

You can use an anonymous proxy server to hide your IP address when using these programs. It acts as an intermediary between your local network and the rest of the internet that makes requests on your behalf, thus masking your IP address from public view.

To do this, configure your web browser or other program that supports proxies. There are a lot of anonymous proxy servers on the internet, available for anyone to use, but they vary in bandwidth and dependability. You can use paid proxy services or use a VPN (virtual private network) maintained by a company or organization to connect to a higher quality proxy server. For more details on this and other security topics, visit the Player Support knowledge base

Tried-and-true tips

Some security staples never get old

  • Choose a strong password; our new measures will help ensure your password is more secure, but take it to the next level by using complicated combinations of letters, numbers, special characters, spaces and capitalization
  • Keep your antivirus software active and updated to prevent against viruses and other malicious third party programs
  • Keep your operating system updated
  • Be careful when using shared systems or public computers
  • Never share your account info (username and password) – with anyone ever, not even your bestest friend; Rioters will never ask you for your password either, especially over email or chat
  • Don’t use the same password for multiple accounts; use a unique password for every account that matters to you
  • Beware of fake League of Legends websites; if a site or its address looks a little fishy (no pun intended), go directly to the official site by searching for League of Legends in Google or entering “leagueoflegends.com” directly into the nav bar
  • Don’t buy or sell League of Legends accounts; they aren’t legit and jeopardize your security

There’s also a lot of helpful information in the League of Legends Player Support knowledge base, so check it out to get more tips about how to keep your account safe.

 

If you think your info’s been compromised, you’ve been phished, or have other immediate security concerns, it’s important you take action. 

Credit card fraud

If your credit card becomes compromised or is used without your authorization, it’s important you act as quickly as possible:

  • Report the unauthorized charges
  • Identify unauthorized Riot Points or League of Legends content charges and send Player Support a request with the following info. Once we confirm the details, we’ll suspend the account and return your money within 3-5 business days.
  • Last 4 digits of the card
  • Expiration date
  • Dates of transactions
  • Amount of purchase
  • Transaction ID, if available
  • Re-secure your card

Other concerns

For any security questions or concerns, contact Player Support.

 

Important Security Update and Password Reset

League of Legends Account Security Alert