Riot Games, the studio behind the massively popular League of Legends, may have just committed a massive blunder when it comes to the protection of it’s user’s information. Namely by sending out this information to other people.
This information comes courtesy of Reddit user ZainTheOne, who about posted how the company had sent them the information of a completely different user after they had initially requested their own account data from Riot Games over thirty days ago. After a second request the company responded to the request, but the data provided was for a completely different person.
The information included within the account data doesn’t just pertain to the game either, it includes a person’s date of birth, email address, phone number and IP addresses used to log into the game for the past 4 months.
So this means that Riot Games has potentially violated GDPR Law, since it not only deals with the exchange of an individual’s information with advertisers, but even just the export of personal data outside the European Union. And the person whose information was leaked to the Reddit user above, who shall remain unnamed as per their request, happens to be a member of the European Union.
Riot Games has since responded to ZainTheOne with an email from Player Support, admitting their blunder and blaming it on a human error. A picture of the email can be seen below:
Riot Games Player Support also responded to the post by the Reddit user over on the official League of Legends Subreddit, where they said that they had temporarily paused all manual reviews of data requests while they investigated this situation further.
As of now, this is the situation. Riot Games has accidentally leaked one of their user’s information to someone else, and they may have potentially violated GDPR Law. The company is investigating further internally, and hopefully this case is an isolated incident and more users have not been affected.