A Pakistani hacker who sold almost a billion user records stolen from nearly 45 popular online services earlier this year has now claimed to have hacked the famous mobile social game company Zynga Inc.
Zynga is one of the world’s most successful social game developers, with a current market capitalization of over $5 billion. It has a wide collection of hit online games, including FarmVille, Words with Friends, Zynga Poker, Mafia Wars, and Café World, to name a few, and has more than a billion players worldwide.
The hacker, known by the name Gnosticplayers, stated that he managed to breach the popular Zynga-developed word puzzle game “Words with Friends” and gain unauthorized access to a large database of more than 218 million users.
The data breach affected all Android and iOS players who installed and signed up for the ‘Words with Friends’ game on or before 2nd September this year.
Zynga admitted the data breach, stating that the account login information for certain players of Draw Something and Words with Friends may have been accessed. However, the company did not reveal the number of users affected by the breach.
According to the sample data Gnosticplayers shared, the stolen user information includes names, email addresses, login IDs, hashed passwords (SHA1 with salt), password reset tokens (if ever requested), phone numbers (if provided), Facebook IDs (if connected) and Zynga account IDs.
In addition, the hacker claimed that he has hacked data belonging to some other Zynga-developed games, such as Draw Something and the discontinued OMGPOP game, which allegedly exposed clear-text passwords for more than 7 million users.
The company has initiated an immediate investigation with the assistance of leading third-party forensics firms and has also contacted law enforcement.
The company plans to notify players as the investigation proceeds.
Users of the Words with Friends game are strongly advised to change their password for the account, as well as for any other services where the same password has been reused.