Member Login
menu

Hacker Stole More Than 218 Million User Information From Zynga’s 'Words With Friends'

30/09/2019

Zynga Inc. is an American social game developer running social video game services.

And here, a hacker from Pakistan claimed to have hacked Zynga's Words With Friends, a popular social mobile game, and gained access to a database containing more than 218 million users.

According to The Hacker News on its report, the hacker who goes with the alias Gnosticplayers, have previously made headlines earlier this 2019 after selling almost a billion user records stolen from nearly 45 popular online services.

The alleged Zynga breach is considered a serious issue since Zynga has so many games and so many players.

More than a billion people have played the company’s games. The data breach was said to have affected all Android and iOS players who installed and signed up for Words With Friends before September 2, 2019.

Zynga - Words with Friends

In a statement, Zynga said that it acknowledged the data breach. It posted the announcement on its customer support site on September 12, but news of the breach did not came out until September 29th.

While the San Francisco-based company did not reveal the exact number of affected users, the hacker reportedly got access to names, email addresses, login IDs, hashed passwords, reset tokens (if ever requested), phone numbers (if provided), Facebook ID (if connected), and Zynga account ID.

The company said it is notifying users of any suspicious logins and is prompting them to change their passwords.

And regarding passwords, Zynga said that it "does not collect your passwords for Facebook, Android, or iOS, and we have no indication that this information was involved in the event.”

Here is Zynga's complete statement:

Cyber attacks are one of the unfortunate realities of doing business today. We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.

Our current understanding is that no financial information was accessed. However, we understand that account information for certain players of certain Zynga games may have been accessed. As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed. Zynga has begun the process of sending individual notices to players where we believe that notice is required.

The security of our player data is extremely important to us. We have worked hard to address this matter and remain committed to supporting our community.

Besides this, the hacker also claimed to have hacked data belonging to some other Zynga's games, including Draw Something and the discontinued OMGPOP game, which allegedly exposed clear text passwords for more than 7 million users.

Zynga said that it has initiated an investigation with the aid of third-party forensics firms. It has also contacted law enforcement.