New League of Legends exploit gives hackers a back door access into user accounts, and allows them to use the victim's RP and IP points. According to some
reports from victims, the exploit allows users access to League of Legends store via web browser, bypassing the game's client in the process. That way hackers get access to users “Summoner ID” and a session token, which they later use to make IP, and RP transactions.
Riot acknowledged the problem and said that they are working on fixing the problem as soon as possible:
"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering," the spokesperson said. "What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost.
"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."
You can see the exploit from the victim's point of view in the video below.
Thanks PC Gamer