Last updated 3 weeks ago
Divine Skins, a League of Legends custom skins service, experienced a data breach in March 2026 affecting 105,814 user accounts. The breach was disclosed via the service's Discord server, with the unauthorized access resulting in the deletion of all skins from the database and exposure of user data.
The attack involved an unauthorized third party gaining access to part of Divine Skins' systems. The compromised data included email addresses, usernames, and detailed purchase history records. The breach method indicates a system intrusion that allowed both data exfiltration and destructive database modifications.
The breach notification was conducted through Discord rather than formal regulatory channels. The company acknowledged the incident publicly but did not disclose specific containment measures or remediation timelines.
Unauthorized third party accessed part of the service's systems
The breach highlights inadequate access controls and monitoring for gaming service platforms handling user purchase data. The use of Discord for breach disclosure rather than formal notification channels demonstrates insufficient incident response planning. The combination of data exposure and destructive database modifications suggests both security and backup/recovery deficiencies.
Sign in to join the discussion.
Company
Industry
Disclosed
Records Affected
Attack Vector
Industry
Attack Vector