Zynga ‘Words with Friends’ hack compromises more than 200m accounts

1 Oct 2019

Image: © jamesboy/Stock.adobe.com

Popular Zynga game Words with Friends has suffered a breach, exposing the data of more than 200m players.

Anyone who enjoys the occasional round of online game Words With Friends may want to change their password – a hacker has breached the popular puzzle game and accessed a massive database of more than 218m users. The game, developed by Zynga, can be played through Facebook or on its standalone app.

The threat actor, who has also been linked to the Collection #1 data dump, told Hacker News on Sunday (29 September) that they had gained access. The data breach, the hacker claims, affects all Android and iOS game players who installed and signed up for the Words with Friends game on and before 2 September 2019.

Stolen information is said to include names, email addresses, login IDs, Zynga account ID and, if either have been connected to the accounts, phone numbers and Facebook IDs.

‘Unfortunate realities of doing business today

Zynga, which has a current market capitalisation of more than $5bn, is also the company behind other wildly popular online games such as FarmVille, Mafia Wars, Café World and more. In total, Zynga-produced games boast a total of around 1bn users.

“Cyberattacks are one of the unfortunate realities of doing business today,” Zynga explained in a statement on 12 September, confirming that some account information had been illegally accessed.

“As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to notify players as the investigation proceeds further.”

‘Data is never safe’

Robert Prigge, president of online identity verification service Jumio, has urged users to take this breach as an opportunity to contemplate the precariousness of data safety in the online world.

“Zynga’s data breach exposing the usernames, emails and passwords of more than 200m users further demonstrates that user data is never safe,” Prigge said.

“Whether playing innocent games on your phone or ordering food from DoorDash, cybercriminals are looking for every opportunity possible to acquire user data. This exposed information is sure to find a home on the dark web, enabling fraudsters to log into user accounts.

“It’s apparent that these traditional authentication methods can no longer be trusted.”

Eva Short was a journalist at Silicon Republic