218 Million Accounts May Have Been Compromised
A Words With Friends data breach may have taken place according to a Pakistani hacker who has previously stolen and sold nearly a billion pieces of user data so far.
The Hacker News reports that a Pakistani hacker going by the name "Gnosticplayers" has spoken with them and claimed that he's successfully acquired the data of more than 218 million users on Zynga's popular word-making game. He also claims to have acquired data from Drawn Something and the discontinued game OMGPOP, the latter of which is alleged to have stored more than 7 million passwords in unencrypted text.
Are You Affected by the Words With Friends Data Breach?
The 218 million potentially-vulnerable accounts are across a wide range of people who played the game.
To start, anyone who has played the game via Android or iOS could have been affected by this hack. That's probably the vast majority of people outside of Facebook boomers, so you may well be vulnerable if you've played the game on your smartphone.
Furthermore, only data for accounts made on or before September 2, 2019, has been collected. If you've made your account after that, you should be good.
What Data Was Exposed?
This is the data that was reportedly exposed according to The Hacker News:
- Email addresses
- Login IDs
- Hashed passwords, SHA1 with salt
- Password reset token (if ever requested)
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
Zynga, for their part, has already initiated an investigation, contacted law enforcement, and taken steps to further protect users' accounts. A Zynga representative told The Hacker News the following:
An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement. As a precaution, we have taken steps to protect these users' accounts from invalid logins. We plan to notify players as the investigation proceeds further.
As always, if a hack is suspected, you should change your password on the affected services as well as anywhere else where you used the same password. (Also, you shouldn't use the same password on two different sites, ever — it's bad practice for exactly this reason.)
What do you think of the potential Words With Friends data breach? Do you think Zynga will be able to keep your data safe in the future? Let us know in the comments below!