A cybercriminal operating under the alias Gnosticplayers has hacked into Zynga's database gaining access to 218 million player records playing Words with Friends.
Words with Friends is one of Zynga's most popular mobile games. The developer is also known for creating Zynga Poker, Mafia Wars, and FarmVille.
On Sept. 12, Zynga issued a disclosure, saying personal information of some players may have been illegally obtained by unauthorized parties. The new report today sheds light on the weight of the data breach.
According to The Hacker News, Gnosticplayers has informed he was able to breach a Words with Friends database that contains more than 200 million user records. The incident affects both iOS and Android users who installed the game on or before Sept. 2. It's worth noting that the same hacker has previously claimed to be culprit behind Collection #1 and Collection #2 data dumps earlier in 2019.
The report also revealed what certain info had been breached. Apart from the names of registered users, other data stolen include Zynga account IDs, Facebook IDs if the user has a linked profile, phone numbers, requested password reset tokens, hashed and salted passwords, login IDs, and email addresses.
Gnosticplayers has also claimed he as well accessed the information of 7 million players playing Draw Something and discontinued game OMGPOP. Breached data included plaintext passwords.
At the time of Zynga's statement on Sept. 12, the developer said it was unsure of the nature of the breach. However, it assured users that no financial information has been accessed, only the login information of players of both Words with Friends and Draw Something.
"As a precaution, we have taken steps to protect these users' accounts from invalid logins," the statement read, "We plan to further notify players as the investigation proceeds."
When it comes to data breaches, all security experts agree that victims should do certain steps that would minimize the extent of the damage caused by the hacker.
The very thing one must do is to reset the password immediately after hearing the news. If you, unfortunately, have used that same password on your other accounts, reset those accounts as well.
Players of Zynga games and other popular mobile games are advised to be wary of unsolicited text messages, phone calls, and emails. The information that has supposedly been compromised could be used in phishing attacks.
Zynga's investigation is ongoing as of writing, and will provide updates once developments emerge.
