Sometime in the past few weeks a hacker calling himself Gnosticplayers hacked into Zynga’s Words with Friends database; the Words with Friends hack breached the personal data of more than 218 million Words with Friends players. In addition to the Words with Friends data breach, the breach has affected some Draw Something users, and users of a now-defunct Zynga game called OMGPOP.
The hack compromised player names, email addresses, phone numbers, Facebook IDs, and encrypted passwords (of course password encryption is no guarantee that the hacker doesn’t know your password, as we saw just a few days ago in the Animoto breach).
Zynga apparently discovered and secured the breach in the first week of September, 2019, as the hacker himself has said that it affects anyone who has signed up for and installed Words with Friends (both iOS and Android) prior to September 2, 2019.
In fact, the hacker has been more open and forthcoming about the breach than has Zynga. Instead of quickly notifying all of their users, Zynga quietly, down-playedly mentioned it in the Zynga investors’ area about 2 1/2 weeks ago, on September 12, 2019.
Zynga Announcement of Words with Friends Data Breach to Zynga Investors
Cyber attacks are one of the unfortunate realities of doing business today. We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
While the investigation is ongoing, we do not believe any financial information was accessed. However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.
The security of our player data is extremely important to us. We are working hard to address this matter and remain committed to supporting our community. Additional information is available on our Player Support page.
As it relates to our business outlook, we are reaffirming our Third Quarter and Full-Year 2019 guidance and financial outlook as communicated in our Q2 2019 Quarterly Earnings Letter on July 31, 2019.
###
That’s it! That’s the entire announcement!
At around the same time Zynga did put up a notice in the Zynga area of Helpshift.com, saying much the same thing, and including the following FAQ:
Do I need to do anything right now?
Zynga has already taken steps to protect users’ accounts from invalid logins where we believe that passwords may have been accessed. In some cases, you may be prompted to change your password.
Was my Facebook, Android, or iOS password accessed?
Zynga does not collect your passwords for Facebook, Android, or iOS, and we have no indication that this information was involved in the event.
What are some steps I can take to help keep my password secure?
Never give anyone your login name and password for your Zynga account or for the platform on which you play Zynga games (e.g.,Facebook, Apple, Google Play, etc.). Zynga and its employees will never ask for your login information. Don’t reuse your passwords. Create a unique and strong password for every account or login you have. If you used your Zynga password on another website or app, it is a good practice to change your password on the other website or app.
Besides changing my password, what else can I do to protect my account?
The security of our player data is extremely important to us. Click here for more information.
Do players have the ability to delete their current and historical data held by Zynga at this time?
Information about data deletion requests is available here.
###
If you are a Words with Friends player (or Draw Something or OMGPOP), did you get a notice from Zynga about this breach?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
