League Of Legends players have been posting on discussion forums to announce a startling problem: the game's makers are sending them other people's information. Things like phone numbers, dates of birth, and even IP addresses are being sent seemingly at random to the wrong people. After several users confirmed that they got someone else's private info, League Of Legends developer Riot chimed in to apologize and say it was a rare error.
The first report came from Reddit user ZainTheOne. They posted on the League Of Legends subreddit claiming that they requested their data from Riot but heard nothing. Europe's new GDPR guidelines (the reason you've been getting all those e-mails from various companies) state that a company has 30 days to send this information to a user upon request. After the 30 days went by, ZainTheOne followed up and was given a file in return. Much to their surprise, ZainTheOne found that the file contained sensitive information about an entirely different person.
"Upon opening it its someone with name "***"(can i disclose it?) and not me," they wrote in their Reddit post. "I just sent them email that this isn't my account data and yet to hear a reply. Either way this is a serious issue because if i have someone else account data who has mine?"
The post blew up, prompting a quick response from Riot.
Unfortunately, the story doesn't end there. Three other users left comments on the post claiming that the same thing happened to them. With concerns about just how many players' personal information is being compromised by League Of Legends growing, a Riot staffer left a comment of their own.
"Based on your experience we have temporarily paused manual reviews of data requests while we investigate this situation further," wrote Westbroke. After investigating, Westbroke added an update.
"Normally, data requests like these are handled by an automated system. In this case it was handled manually, and through human error the wrong file was sent to the wrong player."
This explanation does line up with ZainTheOne's story. They got nothing from the automated system during the 30-day period, and only received the erroneous file after contacting a human rep directly. So it really does seem that a human worker made a serious mistake. As such, Westbroke concluded that the incident was extraordinarily rare and set the automated system to work as usual. Riot also contacted the affected individuals to work on a solution.
With the new GDPR rules in place, there's bound to be some growing pains. However, gamers shouldn't have to worry about anything more than a flood of annoying e-mails. Hopefully Riot truly does contain the incident and no one else is affected.