Divine Skins Breach Exposes Over 105K User Accounts

Overview

In March 2026, the popular League of Legends custom skins service, Divine Skins, experienced a significant data breach. The company disclosed that an unauthorized third party gained access to part of its systems. The attacker deleted all custom skins from the database and stole user information. The breach was announced to the community via the service’s Discord server. This incident highlights the risks associated with third-party gaming services and the importance of digital security for all online accounts. For more on emerging digital threats, you can follow general cybersecurity news.

What Was Exposed

The compromised data includes several key pieces of personal information for 105,814 user accounts. Specifically, the breach exposed:

• Email Addresses: The primary contact email associated with your Divine Skins account.
• Usernames: Your chosen display name on the service.
• Names: Potentially your real name if provided during account creation or purchase.
• Purchase History: A record of transactions made through the service.

While financial details like credit card numbers were reportedly not stored by Divine Skins, the exposed data creates a significant privacy risk.

Potential Impact

The severity of this breach is considered MEDIUM. Although passwords and financial data were not leaked, the combination of exposed information can be leveraged for targeted attacks. The primary risks include:

• Phishing and Spam: With your email address and name, attackers can craft convincing phishing emails pretending to be from Divine Skins or other trusted services, attempting to steal more sensitive information like passwords.
• Credential Stuffing: If you reused your Divine Skins password on other websites, attackers could use your exposed email/username to attempt unauthorized access to those other accounts.
• Targeted Scams: Knowledge of your purchase history could be used to create highly personalized scams related to gaming or League of Legends.

Recommendations

If you have ever used the Divine Skins service, you should take the following steps to protect yourself:

1. Change Your Passwords Immediately: If you used a password for Divine Skins that is used on any other website (like email, gaming platforms, or social media), change those passwords now. Use a strong, unique password for every account.
2. Enable Two-Factor Authentication (2FA): Activate 2FA on any important accounts, especially your email and gaming platforms (like Riot Games). This adds a critical layer of security.
3. Beware of Phishing Attempts: Be extremely cautious of any emails claiming to be from Divine Skins or related to your gaming purchases. Do not click on links or download attachments from suspicious messages. Verify communications directly through official channels.
4. Monitor Your Accounts: Keep an eye on your email and other online accounts for any unusual activity.

How to Check If You’re Affected

This breach has been reported to the breach notification service Have I Been Pwned. You can easily check if your email address was involved in this or other known data breaches.

• Visit https://haveibeenpwned.com/
• Enter your primary email address into the search bar.
• Review the results to see if the “DivineSkins” breach is listed for your account.

If your information was exposed, it is crucial to follow the recommendations above to secure your online presence.