The usernames and passwords of more than 172 million accounts were exposed in a hack of Zynga, the company behind the popular mobile game “Words with Friends.”
According to a new report from The Guardian, Zynga admitted back in September that “log-in information for certain players of Draw Something and Words With Friends” may have been accessed. While the company contacted affected users at the time, it has yet to confirm the size of the breach. According to the company, no financial information was accessed.
“We recently discovered that certain player account information may have been illegally accessed by outside hackers,” explained the statement. “An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.”
A Zynga spokesperson said on Thursday that the company would not be commenting beyond that September statement.
“The password security, involving two processes called salting and hashing, means it would be time-consuming and expensive for anyone who gets hold of the stolen data to uncover usable passwords,” explains the report. “The dump also included some Facebook IDs and phone numbers for users who had provided that information to the company.”
The Hacker News spoke to the alleged hacker, who goes by name of Gnosticplayers, and they explained that they had also stolen other databases from the game company, including 7 million unprotected passwords or users of a now-discontinued game called OMGPop.
“This is just the latest in a string of hacks from Gnosticplayers, who appears to be vying for a reputation as much as monetary gain,” said Max Heinemeyer, the director of threat hunting at the cybersecurity company Darktrace. “Again we are reminded that companies are too often on the back foot and scrambling to do damage control in the aftermath of a data breach.”
Concerned Zynga customers have been advised to visit the company’s support page for more information on how they can protect their data.
