If the worst thing you got from Santa was coal in your stocking, you’re lucky. However, if you’re one of the 320 billion people who play any of game developer Zynga’s apps -- Words With Friends, FarmVille, Hit It Rich! Slots, CSR Racing, or Zynga Poker -- your luck may not have been so good.
A report has surfaced at HaveIBeenPwned which details how Zynga suffered a serious data breach in September 2019 -- serious as in the exposure of 173 million email addresses, usernames, and passwords.
A Pakistani cyber robber baron staked their claim at The Hacker News that they were behind not only this hack but more than 40 other online services.
A double-edged sword
This hack is a double-edged sword. To its credit, Zynga admitted to the hack in September, but it wasn’t until last week that the number of accounts that had been compromised came to light.
The big question is why did Zynga wait so long to tell users. The company’s answer is essentially “no comment,” preferring to tell the media that it won’t comment past the statement it made in September.
What was hacked
According to The Hacker News and sample data from Gnosticplayers, stolen users' information includes:
Names
Email addresses
Login IDs
Password reset token (if ever requested)
Phone numbers (if provided)
Facebook ID (if connected)
Zynga account ID
“While the investigation is ongoing, we do not believe any financial information was accessed,” Zynga said. “However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.”
Consumers wanting an extra ounce of security might want to check Zynga’s Player Support site where the company addresses exactly what it’s doing in the wake of the hack.
Time to change passwords?
If you have some downtime over the holidays, it might be worth your while to do three things: 1) check to see which breaches may have included your personal information; 2) change passwords across the board; and, 3) get a new password manager.
In light of both Zynga’s and Wawa’s recent hacks, and the seemingly never-ending private data piracy that goes on, consumers can’t be too loose with their personal information.