173 Million Zynga accounts were impacted in the September hack

In September Zynga, the American social game developer running social video game services suffered a data breach that 173 Million accounts.

Zynga Inc is an American social game developer running social video game services founded in April 2007, it primarily focuses on mobile and social networking platforms.

Among the online games developed by the company, there are FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World that have over a billion players worldwide.

In September, the notorious hacker “Gnosticplayers” claimed to have obtained data on over 218 million users.

At the time, Gnosticplayers shared a sample of stolen data with The Hacker News, exposed records included:

Names
Email addresses
Login IDs
Hashed passwords, SHA1 with salt
Password reset token (if ever requested)
Phone numbers (if provided)
Facebook ID (if connected)
Zynga account ID

Gnosticplayers revealed that he had access to data belonging to all Android and iOS game players who installed and signed up for the ‘Words With Friends’ game before 2nd September 2019.

Zynga confirmed that the account login information for certain players of Draw Something and Words With Friends that may have been exposed in the data breach. The company pointed out that hackers did not access financial information.

“We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.” reads the data breach notification published by the company.

“While the investigation is ongoing, we do not believe any financial information was accessed. However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.”

The hacker also claims to have accessed data of other Zynga gamers, including Draw Something and the discontinued OMGPOP game.

Now the data breach notification service HaveIBeenPwned has shared the official figure on the incident, it reports that 172.9 million unique records containing email addresses, usernames, and passwords (salted SHA-1 hashes), were compromised.

“In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.” states HIBP.

Breach date: 1 September 2019
Date added to HIBP: 19 December 2019
Compromised accounts: 172,869,660
Compromised data: Email addresses, Passwords, Usernames”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Zynga, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.