173 Million Zynga accounts were impacted in the September hack

In September Zynga, the American social game developer running social video game services suffered a data breach that 173 Million accounts.

Zynga Inc is an American social game developer running social video game services founded in April 2007, it primarily focuses on mobile and social networking platforms.

Among the online games developed by the company, there are FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World that have over a billion players worldwide.

In September, the notorious hacker “Gnosticplayers” claimed to have obtained data on over 218 million users.

At the time, Gnosticplayers shared a sample of stolen data with The Hacker News, exposed records included:

• Names
• Email addresses
• Login IDs
• Hashed passwords, SHA1 with salt
• Password reset token (if ever requested)
• Phone numbers (if provided)
• Facebook ID (if connected)
• Zynga account ID

Gnosticplayers revealed that he had access to data belonging to all Android and iOS game players who installed and signed up for the ‘Words With Friends’ game before 2nd September 2019.

Zynga confirmed that the account login information for certain players of Draw Something and Words With Friends that may have been exposed in the data breach. The company pointed out that hackers did not access financial information.

“We recently discovered that certain player account information may have been illegally accessed by outside hackers.  An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.” reads the data breach notification published by the company.

“While the investigation is ongoing, we do not believe any financial information was accessed.  However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed.  As a precaution, we have taken steps to protect these users’ accounts from invalid logins.  We plan to further notify players as the investigation proceeds.”

The hacker also claims to have accessed data of other Zynga gamers, including Draw Something and the discontinued OMGPOP game.

Now the data breach notification service HaveIBeenPwned has shared the official figure on the incident, it reports that 172.9 million unique records containing email addresses, usernames, and passwords (salted SHA-1 hashes), were compromised.

“In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.” states HIBP.

Breach date: 1 September 2019
Date added to HIBP: 19 December 2019
Compromised accounts: 172,869,660
Compromised data: Email addresses, Passwords, Usernames”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Zynga, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]