A Pakistani hacker who made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc.
With a current market capitalization of over $5 billion, Zynga is one of the world's most successful social game developers with a collection of hit online games—including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World—with over a billion players worldwide.
Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach "Words With Friends," a popular Zynga-developed word puzzle game, and gain unauthorized access to a massive database of more than 218 million users.
According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the 'Words With Friends' game on or before 2nd September this year.
In a statement published over a week ago, Zynga admitted the data breach, revealing the "account login information for certain players of Draw Something and Words With Friends that may have been accessed," though the company did not reveal the number of affected users.
"We recently discovered that certain player account information may have been illegally accessed by outside hackers," reads the statement.
Based on sample data Gnosticplayers shared with The Hacker News, the stolen users' information includes their:
- Names
- Email addresses
- Login IDs
- Hashed passwords, SHA1 with salt
- Password reset token (if ever requested)
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
Besides this, the hacker also claims to have hacked data belonging to some other Zynga-developed games, including Draw Something and the discontinued OMGPOP game, which allegedly exposed clear text passwords for more than 7 million users.
"An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement," the company said.
"As a precaution, we have taken steps to protect these users' accounts from invalid logins. We plan to notify players as the investigation proceeds further."
What's your take? If you are a user of the Words With Friends game, you should immediately change the password for your account and also on other services in the event you re-used the same password.
The Hacker News has already reached out to Zynga for a comment and will update this story if we hear back.
In March 2019, the same hacker compromised over 26 million online accounts originating from 6 websites and put the stolen records up for sale on the popular dark-web market called Dream Market.
In February, the hacker put three rounds of stolen accounts up for sale on Dream Market, posting details of 620 million online accounts stolen from 16 websites in the first round, 127 million from 8 sites in the second, and 92 million from 8 websites in the third.
noreply@blogger.com (Swati Khandelwal), Khareem Sudlow