You put a lot of trust in us when you hand over your info, and we don’t take that for granted. Keeping your data safe is a priority for us, so we have teams across security, engineering, and communications that work to protect you. We strive to be as transparent as possible when it comes to our security efforts to help you stay informed and take action when needed. We’ll continue to update this page to include all relevant security-related info, past and present.
All government requests for data should be sent to firstname.lastname@example.org.
Here’s what you need to know:
Return to this page and the @riotgames Twitter for the latest need-to-know information about Riot Games security.
Security standards and technology are constantly evolving, and the Riot team that works to keep player data safe evolves along with them. We prioritize the player experience, so we invest heavily in DDoS prevention, anti-cheating, and player account data backup. Even with these consistent efforts, there may be a time when your information becomes jeopardized. In these situations, this page will have the latest info.
While we strive to be as transparent as possible, communication around security issues sometimes take time because we need to analyze the issues and clean up the problem before sharing. This is a security best practice that protects you. We also have to comply with various country laws and bank regulations that can slow down our desire to share info with you sooner. And sometimes it just takes time to fully understand what happened, and we’re required by law and our own code of ethics to ensure we fully understand the facts before we share them.
We’ve recently announced a few new security features that’ll improve your account safety:
Stronger password requirements:
All players with accounts in North America were recently forced to change passwords to more complicated passwords that are harder to guess, and we’ll continue to evolve these standards going forward. Players in most other regions around the world will be required to follow these new, stricter password standards if you create a new account or attempt to change your existing password.
Required email verification:
All new registrations and account changes will need to be associated with valid email addresses. If you registered prior to this change, you’ll now be required to provide a valid email address.
Any change you make to account email or password will require verification via email or mobile SMS.
We are also working on getting sensitive player data into the hands of third parties who specialize in holding sensitive data, so your info will soon be even more secure.
Don’t get caught!
Phishing scams are serious business and even the savviest interwebs citizens can get caught. Phishing attempts can come from lots of places: email, social media, text messages and more. The best way to not get phished is to know when and where you’ll hear from Riot – it’ll only be here on riotgames.com, on our official @riotgames twitter or in an official Riot Games email. Riot Games emails will come from one of the following domains. If it’s coming from somewhere else, it’s not us
- @riotgames.com (emails directly from Rioters)
In the past we’ve used the following domains, but we no longer use them:
The most common League of Legends phishing scams are those that claim to give you free RP if you download a program (malware) or if you enter your login information on a site. Riot’ll never do this, so don’t fall for it. Also, beware of sites that look like leagueoflegends.com, but are actually fake sites.
Protect your IP address
Why is this important?
Riot Games doesn’t share your IP address without your consent, except when necessary to provide you with the best possible player experience, or in other situations when we’re legally required. However, a determined troublemaker might be able to marry IP data garnered from another online service with your summoner name.
The combination of your summoner name and your IP address could be used for all sorts of mischief. IP addresses can be correlated to physical location or used to flood a player’s network connection with bogus traffic for the purpose of disrupting their gaming experience.
How do I protect myself?
Your IP address can be publicly exposed through a variety of online activities, including peer-to-peer programs that enable file sharing and VOIP phone calls.
You can use an anonymous proxy server to hide your IP address when using these programs. It acts as an intermediary between your local network and the rest of the internet that makes requests on your behalf, thus masking your IP address from public view.
To do this, configure your web browser or other program that supports proxies. There are a lot of anonymous proxy servers on the internet, available for anyone to use, but they vary in bandwidth and dependability. You can use paid proxy services or use a VPN (virtual private network) maintained by a company or organization to connect to a higher quality proxy server. For more details on this and other security topics, visit the Player Support knowledge base.
Some security staples never get old
- Choose a strong password; our new measures will help ensure your password is more secure, but take it to the next level by using complicated combinations of letters, numbers, special characters, spaces and capitalization
- Keep your antivirus software active and updated to prevent against viruses and other malicious third party programs
- Keep your operating system updated
- Be careful when using shared systems or public computers
- Never share your account info (username and password) – with anyone ever, not even your bestest friend; Rioters will never ask you for your password either, especially over email or chat
- Don’t use the same password for multiple accounts; use a unique password for every account that matters to you
- Beware of fake League of Legends websites; if a site or its address looks a little fishy (no pun intended), go directly to the official site by searching for League of Legends in Google or entering “leagueoflegends.com” directly into the nav bar
- Don’t buy or sell League of Legends accounts; they aren’t legit and jeopardize your security
There’s also a lot of helpful information in the League of Legends Player Support knowledge base, so check it out to get more tips about how to keep your account safe.
- NA Mandatory Password Reset
- Protecting your account
- What to do in case of credit card fraud
- Recovering your account
If you think your info’s been compromised, you’ve been phished, or have other immediate security concerns, it’s important you take action.
Credit card fraud
If your credit card becomes compromised or is used without your authorization, it’s important you act as quickly as possible:
- Report the unauthorized charges
- Identify unauthorized Riot Points or League of Legends content charges and send Player Support a request with the following info. Once we confirm the details, we’ll suspend the account and return your money within 3-5 business days.
- Last 4 digits of the card
- Expiration date
- Dates of transactions
- Amount of purchase
- Transaction ID, if available
- Re-secure your card
For any security questions or concerns, contact Player Support.