is working to fix a League of Legends exploit that allows unscrupulous types to hack into user accounts and siphon off their hard-earned RP and IP (LoL's in-game currency).
The exploit involves forcing access the thethrough a browser rather than the in-game client, then using a player's Summoner ID and a session token to access his/her account. Riot is quick to point out that no credit card data or sensitive personal data is at risk.
"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," writes a spokesperson. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost. Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."
The exploit came to Riot's attention after several streamers highlighted the issue. You can see an example of what's been going on in the video above (thanks). There's a more in-depth explanation of the issue over on this .