Riot Games revealed that account information for a "portion of" North American League of Legends players was recently compromised. According to Riot, usernames, email addresses, encrypted passwords, and some names were compromised, along with approximately "120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed."
Riot goes on to say that the "payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then."
The company is asking North American players (via email) to change their passwords within the next 24 hours to stronger passwords. Those who do not do so prior to logging into the game will be prompted to do so the next time they log in.
Riot says that an investigation on this security breach is ongoing.
The company also said that it is implementing additional security measures immediately including requiring all new registrations and account changes to be associated with a valid email address, and requiring that changes to account email or password be verified by email or mobile SMS.
Riot Games had no further comment on this story when asked other than to point out what it had already said in a blog post on the matter earlier today.