League of Legends accounts in certain European regions have been hacked, Riot Games notified players yesterday. The EU West and EU Nordic and East databases were breached, with hackers accessing email addresses, encrypted account passwords, summoner names, dates of birth and, for a small number of players, full names and security questions and responses.
"Absolutely no" billing or payment information was breached, Riot said. Riot stores passwords in encrypted form, but more than half of the passwords at risk were simple enough to fall victim to simple cracking.
Riot has fixed the security exploit and is emailing all players in the affected region, and will be updating this post. Security experts and the appropriate authorities have been notified, Riot said.
For now, League of Legends players would do well to change their passwords, and make sure they're something more complex than "password."
"Brandon and I want to sincerely and personally apologize to you for this situation," Riot's Marc Merrill concludes his post. "We take your privacy and security seriously, and we're working diligently to improve it for the better."