Riot Games extorted: Riot Games says it received a ransom demand via email from the threat actor who hacked one of its employees and then gained access to one of its game development environments. Riot says the hacker is asking the company to pay a ransom demand, or they will release the source code for the League of Legends and Teamfight Tactics games and the source code of a legacy anti-cheat platform. The company says it does not intend to pay the ransom and expects the leaked source code to "increase the likelihood of new cheats emerging."
GoTo breach update: GoTo, the company that owns LastPass, updated a data breach notification it published last year when it said that some of its cloud hosting services were also impacted as part of the LastPass intrusion. GoTo says a recent investigation has found that the intruders managed to steal encrypted backups from its cloud storage. The backups contained data, including user information, for GoTo products such as Central, Pro, join.me, Hamachi, and RemotelyAnywhere. The company said the backups were encrypted, but the threat actor also stole an encryption key that would allow them to decrypt "a portion of the encrypted backups."
FanDuel breach: Sports-betting platform FanDuel emailed customers last week to let them know that their names and email addresses were stolen from the company's Mailchimp account. FanDuel joins e-commerce service WooCommerce as the second major company known to be affected by MailChimp's breach. Mailchimp, an email and newsletter platform, disclosed a security breach two weeks ago when it said that a threat actor hacked one of its employees and stole data from 133 Mailchimp customers.