Hacker claims to have stolen over 218M Zynga ‘Words with Friends’ Gamers records

Hackers have stolen more than 218 million records from the popular ‘Words With Friends’ developed by the mobile social game company Zynga Inc.

Do you remember Gnosticplayers? The popular hacker Gnosticplayers that between February and April disclosed the existence of some massive unreported data breaches in five rounds.  He offered for sale almost a billion user records stolen from nearly 45 popular online services.

Now the Pakistani hacker claims to have stolen more than 218 million records from the popular mobile social game company Zynga Inc.

Zynga Inc is an American social game developer running social video game services founded in April 2007, it primarily focuses on mobile and social networking platforms.

Among the online games developed by the company, there are FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World that have over a billion players worldwide.

“Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach “Words With Friends,” a popular Zynga-developed word puzzle game, and unauthorisedly access a massive database of more than 218 million users.” reported The Hacker News.

Gnosticplayers shared a sample of stoled data with The Hacker News, exposed records includes:

• Names
• Email addresses
• Login IDs
• Hashed passwords, SHA1 with salt
• Password reset token (if ever requested)
• Phone numbers (if provided)
• Facebook ID (if connected)
• Zynga account ID

Gnosticplayers revealed that he had access to data belonging to all Android and iOS game players who installed and signed up for the ‘Words With Friends’ game before 2nd September 2019.

Zynga confirmed that the account login information for certain players of Draw Something and Words With Friends that may have been exposed in the data breach. The company pointed out that hackers did not access financial information.

“We recently discovered that certain player account information may have been illegally accessed by outside hackers.  An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.” reads the data breach notification published by the company.

“While the investigation is ongoing, we do not believe any financial information was accessed.  However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed.  As a precaution, we have taken steps to protect these users’ accounts from invalid logins.  We plan to further notify players as the investigation proceeds.”

The hacker also claims to have accessed data of other Zynga gamers, including Draw Something and the discontinued OMGPOP game.

The company launched an investigation and hired third-party forensics firms to help it, of course, it also reported the incident to the law enforcement. As a precaution, the gaming firm has taken steps to protect these users’ accounts from invalid logins.

Users of the Words With Friends game, and let me suggest players of Zynga games, should immediately change the password for their account and also on any other services that share the same credentials.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – gaming, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]