The popular mobile social game company Zynga Inc. is the latest victim of a cyber-attack that compromised the personal information of more than 218 million gamers.
A Pakistani hacker, with an online name Gnosticplayers, who previously made headlines earlier this year for his various cybercrimes, managed to breach Zynga’s developed word puzzle game Words with Friends and allegedly accessed a database that contained more than 218 million gamers’ data, according to an official statement.
The gaming company stated that it also identified the account login information for certain players of the Draw Something game had been accessed. According to Zynga, the incident affected all Android and iOS game players who installed and signed up for the Words with Friends game on and before September 2, 2019. The exposed information included Names, Email addresses, Login IDs, Hashed passwords, SHA1 with salt, password reset token, phone numbers, Facebook IDs, and Zynga account ID details.
“We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement,” Zynga said in a post.
“While the investigation is ongoing, we do not believe any financial information was accessed. However, we have identified account login information for certain players of Draw Something and Words with Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds,” Zynga added.
Earlier, Gnosticplayers hacked content of nearly 26.42 million from six different companies and kept for sale on the dark web for 1.2431 bitcoin (around $4,940). The hacker compromised the data by hacking dozens of popular websites from various companies.
The hacker stated this would be his last batch of the stolen database that contained nearly 27 million users’ records stolen from 6 different websites- Youthmanual (1.12 million accounts), GameSalad (1.5 million accounts), Bukalapak (13 million accounts), Lifebear (3.86 million accounts), EstanteVirtual (5.45 million accounts), and Coubic (1.5 million accounts).
It’s believed the hacker previously kept three rounds of stolen accounts up for sale on the popular dark-web market called Dream Market. Previously, the hacker exposed the details of around 620 million accounts stolen from 16 websites in the first round, 127 million records from 8 sites in the second, and 92 million from 8 websites in the third.