These files are often circulated on hacker forums and the dark web to target Riot Games' massive player base across titles like League of Legends and VALORANT . Understanding "Combo.txt" in the Riot Games Ecosystem
: Riot advises players to check for unusual login activity and immediately enable Multi-Factor Authentication (MFA) to prevent combo list attacks from succeeding. riotgames combo.txt
: These lists are rarely from a single direct breach of Riot's servers. Instead, they are often aggregated from various third-party data leaks (e.g., the ALIEN TXTBASE leak in 2025) where players used the same password for multiple services. These files are often circulated on hacker forums
: While a major 2023 social engineering attack exfiltrated source code for League of Legends and Teamfight Tactics , Riot maintained that player data remained secure. However, smaller-scale leaks continue to surface, such as an alleged database sale in January 2026 . Risks and Security Measures Instead, they are often aggregated from various third-party
: Security experts recommend using services like Have I Been Pwned to see if your email appears in any public "combo.txt" dumps.