The personal details of more than 218 million "Words With Friends" players have been stolen by a serial hacker who claims to have gained access to the systems of popular mobile social game company Zynga.
Going by the online alias Gnosticplayers, the Pakistani hacker claims the data breach affects all Android and iPhone users who installed and signed up for the Words With Friends game before 2nd September this year.
Based on sample data Gnosticplayers shared with The Hacker News, the stolen users' information includes names, email addresses, login IDs and hashed passwords, as well as phone numbers and Facebook IDs (if they were provided) and password reset tokens (if they were ever requested).
The hacker also claims to have obtained data belonging to some other Zynga-developed games, including Draw Something and the discontinued OMGPOP game.
This data includes clear text passwords for more than 7 million users, the hacker claims.
Zynga admitted the data breach over a week ago, revealing that the account login information for certain players of Draw Something and Words With Friends "may have been illegally accessed by outside hackers".
However, it did not reveal the number of affected users.
"An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement," the company said.
"As a precaution, we have taken steps to protect these users' accounts from invalid logins. We plan to further notify players as the investigation proceeds."
The same hacker made headlines earlier this year for putting almost a billion user records stolen from nearly 45 popular online services up for sale on the popular dark-web market Dream Market in February and March.
Commenting on the data breach, Jake Moore, cybersecurity specialist at ESET, said it could have bigger consequences than just damaging the application.
"Passwords are still poorly managed by the majority of people and many use the same one for every account, even with games they may consider 'throwaway apps'," he said.
"If the passwords used on such apps are the same as for other accounts, you may consider those at high risk too.
"People should understand the risks to their cyber health because there is a lot more a hacker can do with their data and accounts than most people realise."