Zynga Inc.

Summary

The popular mobile social gaming company, Zynga Inc., has become the latest breach victim of a Pakistani hacker, also known as Gnosticplayers. Zynga Inc. acknowledged the breach and announced that, at this time, ‘Words With Friends,’ and ‘Draw Something,’ have been illegally accessed, affecting approximately 218 million users. The cybercriminal is also responsible for several rounds of data dumps on the dark web marketplace, Dream Market, earlier this year, after hacking popular mobile apps, resulting in over 700 million confirmed compromised accounts. Compromised information includes names, email addresses, login and account IDs, and hashed passwords. Password reset tokens, phone numbers, and Facebook IDs that the user previously provided or requested are included. Further details can be found in The Hacker News article, and the Dark Reading article. Users of these gaming apps are advised to immediately change their passwords for these accounts and any others that use the same credentials, and enable multi-factor authentication where available. Additionally, exposed emails and phone numbers may be used in social engineering schemes.