BoardsDiscuss the Boards

Discord link sent out from League of legends messages

Thasparta·1/12/2018, 5:06:37 PM·2 votes·2,862 views

So today someone or something sent out mass messages to my friends on my client. A Discord link to be exact (ofc I haven't clicked on it). But if you type that link letters in discord you come to something called "The sewer reborn". Has anyone else gotten this stuff recently? I've changed my password and for some reason I am still logged in on a mobile device, only that I am not using that stuff. I've submitted a ticket to Riot support so hopefully they can force logout all devices from my account.

I've also done some research about this stuff and it looks like this has been around since 2 months back at least. How is this issue still not fixed? If it's the mobile device app, fine that's out of Riots reach. But how can it be possible for someone to login to someone elses account with a "unknown" device without a verification sent to your mail first? Steam has this so why can't League of Legends have it? The security would be so much better for us as users and we would not be so dependent on Riot support when we have these issues. Now I have to wait and hope that none of my friends gets the same stuff as me...

2 Comments

Chermorg1/12/2018, 6:58:14 PM1 votes

Quite simply put, the strongest and safest security has been and for the foreseeable future will always be the “two known” concept - you and only you should know your username, and you and only you should know your password. This means that for someone to hack your account, they must know both pieces of information - virtually impossible unless you fall victim to a phishing attempt.

2FA is great and all (such as an email to a secured/verified account, or a token on your phone - something you “have”) but it comes with inherent risks - what if you need to log in away from your phone, what if your email is hacked, what if your phone dies/you get a new one? There’s just not really much at stake in League that can’t be reversed if an account is hacked - there’s no reason for 2FA.

Ryeot1/14/2018, 12:15:40 AM1 votes

I got this too. Not sure why/what mass hacking happened etc