Riot Games has announced that “a portion of [their League of Legends] North American account information was recently compromised”. And as of right now “usernames, email addresses, salted password hashes, and some first and last names were accessed” as part of that compromise. While it is unlikely that any passwords will be exposed as the result of the compromise, “players with easily guessable passwords are vulnerable to account theft”.
In addition to the account information, Riot is also “investigating approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers” that were also compromised. Riot Games assures players that they are “taking appropriate action to notify and safeguard affected players” and that their “investigation is ongoing and [Riot] will take all necessary steps to protect players’.
Players with North American accounts will be required to change their passwords the next time they log in to “stronger ones that are much harder to guess”. All newly created League of Legends accounts will require email verification and two-factor authentication in the future.
You can read the full security update at the official site.