Zynga Data Breach Affects 200 Million Android and iOS Gamers



Hacker News has reported that a hacker has claimed to have breached the mobile game company Zynga, Inc. Earlier this year, the same hacker reportedly sold almost a billion user records stolen from approximately 45 popular online services.

According to Hacker News, the hacker managed to breach the Words With Friends game, which has a database of more than 218 million users. Zynga posted a Player Security Announcement about this on September 12, 2019. It doesn’t say very much.

Cyber attacks are one of the unfortunate realities of doing business today. We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.

While the investigation is ongoing, we do not believe any financial information was accessed. However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.

Forbes reported that the Zynga breach affects all players on both Android and iOS platforms who installed and signed up to play Words With Friends before September 3, 2019. Forbes points out that the hacker told Hacker News that data belonging to Draw Something, and from a discontinued game called OMGPOP, was also accessed.

What Zynga data has potentially been compromised? It may include: names, email addresses, login IDs, hashed passwords, password reset tokens if one had ever been requested, phone numbers where provided, Facebook IDs if connected to the social media platform, and Zynga account IDs.

Personally, I have never understood why someone would decided to breach Zynga (or any other gaming company) for the purpose of stealing data. The hacker must be aware that what they are doing is illegal. There is always the potential that hacker will be caught have will have to face legal consequences.


Leave a Reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.