| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to a breach at Riot Games, the developer of League of Legends, is not the first time the company has faced security issues. In the past, Riot Games has been targeted by hackers, as mentioned in the article, "Riot Games isn't the only game maker that has come under attack from hackers." The article highlights that other game makers like ZeniMax, World of Warcraft, and Ubisoft have also been hacked in the past, indicating a history of security breaches within the gaming industry [20936].
(b) The incident at Riot Games is not an isolated case, as other game makers have also faced similar security breaches. For example, ZeniMax, the maker of Fallout 3, Doom, and Quake, was targeted by a distributed denial-of-service attack in 2011. Additionally, Ubisoft, the developer of Assassin's Creed, has been hacked multiple times, with a recent breach in July leading to hackers accessing usernames, e-mail addresses, and encrypted passwords. This indicates a trend of security incidents affecting multiple organizations within the gaming industry [20936]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to the breach in the system of League of Legends, developed by Riot Games. Hackers accessed usernames, e-mail addresses, salted password hashes, first and last names, and even some salted credit card numbers. The breach was a result of vulnerabilities in the system design, allowing unauthorized access to sensitive user information [20936].
(b) The software failure incident related to the operation phase is evident in the misuse of user data due to the breach. While Riot Games had implemented security measures like hashing and salting of passwords and credit card numbers, the incident highlighted the risk of theft if users had easily guessable passwords. This misuse of user data showcases an operational failure in ensuring the security and protection of user information [20936]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case, where hackers breached the system of League of Legends, can be categorized as a within_system failure. The breach occurred due to vulnerabilities within Riot Games' system, allowing hackers to access usernames, e-mail addresses, salted password hashes, credit card numbers, and other personal information of users [20936]. Riot Games acknowledged the breach and mentioned that they are implementing new security features and requiring users to change their passwords to prevent such incidents in the future. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions, specifically hackers breaching the system of League of Legends, leading to the unauthorized access of user data including usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936].
(b) However, human actions were also involved in the response to the incident. Riot Games, the developer of League of Legends, took actions such as instituting new security features like e-mail verification and two-factor authentication, and requiring users to change their passwords to stronger ones [20936]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident in the article was not attributed to hardware issues. Instead, it was a result of hackers breaching the system of League of Legends, leading to unauthorized access to user data including usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936].
(b) The software failure incident in the article was due to contributing factors originating in software, specifically the security vulnerabilities that allowed hackers to breach the system and access sensitive user information. Riot Games, the developer of League of Legends, acknowledged the breach and mentioned implementing new security features like e-mail verification and two-factor authentication to enhance user protection [20936]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case is malicious. The incident involved hackers breaching the system of League of Legends, a popular online video game, with the intent to access sensitive user information such as usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936]. The hackers targeted the system to steal data, leading to a security breach that compromised the personal information of users in North America. Riot Games, the developer of League of Legends, acknowledged the breach and took steps to enhance security measures to protect affected players and prevent future incidents. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident related to the breach of the League of Legends system by hackers can be attributed to poor decisions made in terms of security measures and data protection. Riot Games mentioned that some usernames, e-mail addresses, salted password hashes, names, and even salted credit card numbers were accessed by the hackers. The company warned that if users had easily guessable passwords, their information could be susceptible to theft. Additionally, the incident involved approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers, indicating a lapse in securing sensitive payment information [20936].
(b) The software failure incident can also be linked to accidental decisions or unintended consequences. Riot Games stated that the payment system involved with the accessed records hadn't been used since July of 2011, and that type of payment card information hadn't been collected in any Riot systems since then. This suggests that the exposure of this data was not intentional but rather a result of historical data retention practices or oversight in securing older records [20936]. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as hackers breached the system of League of Legends, a popular online video game developed by Riot Games. The breach resulted in unauthorized access to sensitive user information such as usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936]. This breach highlights a failure in the development process where the system's security measures were not robust enough to prevent such an attack, indicating a lack of professional competence in ensuring adequate security measures were in place.
(b) The software failure incident related to accidental factors is not explicitly mentioned in the article. |
| Duration |
temporary |
(a) The software failure incident in the article seems to be temporary rather than permanent. The incident was a result of hackers breaching the system of League of Legends, leading to the unauthorized access of user data including usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936]. Riot Games, the developer of League of Legends, took immediate action by announcing the breach and investigating the accessed records. They also implemented new security features and required users to change their passwords to enhance security measures. This proactive response indicates that the software failure incident was temporary and not a permanent issue introduced by all circumstances. |
| Behaviour |
crash, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The breach by hackers led to the system losing its state and not being able to perform its intended functions, resulting in unauthorized access to user data and potential theft of information [20936].
(b) omission: There is no specific mention of the system omitting to perform its intended functions at an instance in the article.
(c) timing: The software failure incident is not related to the system performing its intended functions too late or too early.
(d) value: The failure is not due to the system performing its intended functions incorrectly.
(e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident can be categorized as a security breach due to hackers gaining unauthorized access to user data, including usernames, e-mail addresses, salted password hashes, names, and credit card numbers [20936]. |