League of Legends' source code is out and about in the public.
The hacker responsible for hacking Riot Games last week reportedly put the alleged source code of League of Legends and its Packman anti-cheat platform into auction in a popular forum.
The hack previously affected Riot Games' development environment, forcing the game developer to delay the updates to its many games, including Teamfight Tactics and Valorant.
League Of Legends Source Code Auction Details
The hacker, who goes by the name "Arka" or "ArkaT," is looking for value out of their efforts. According to PC Mag, Arka is auctioning the source codes starting at $1 million following Riot games' refusal to pay the demanded ransom.
You may remember that Arka sent a ransom email to Riot Games saying that he understands the significance of the source codes he stole and their release to the public on its games. While they offered to remove the source codes he stole from their servers and prevent its leakage, they demanded a ransom of $10 million to do so.
To sweeten the deal, Arka also added they would not only return the source codes and delete them from their systems, but they would also tell the company how they breached the game developer's servers and provide advice on how to prevent it.
While the deal does sound sweet on paper, Riot Games ultimately refused to pay for undisclosed reasons.
With no ransom money in sight, Arka decided to put the source codes into auction, leaking them to the public in the process. Bleeping Computer mentioned that the forum post Arka made includes a link to a thousand-page PDF document they claim contains a directory listing of the 72.4GB of stolen source code. However, the publication couldn't independently verify if the source code Arka put into auction was legitimate, nor did Arka provide further proof of the stolen source code.
However, the publication said that the directory's contents did appear to be a source code listing for software associated with Riot Games.
Is The Source Code Worth The Money?
Arka revealed to VX-Underground, a site that tracks cybercriminal activity, that they used "social engineering" on a Riot games employee, meaning that Arka probably sent a phishing message to the victim employee to gain their login credentials.
While Riot games claim that the source code Arka stole is a "legacy anti-cheat platform," meaning that the code they stole was old, there is a chance that should the source codes fall into the wrong hands, they could use the source code to potentially create exploits allowing them to execute code remotely on other players' devices.
This threat is something Riot Games is aware of, with it taking measures to prevent such a thing from happening. Since the attack, the company has been assessing the impact on its anti-cheat platform should its source code be leaked, along with preparing fixes for it to deploy as quickly as possible if needed.