September 30, 2019

218 million Words With Friends app users hit by data breach

By Ellen Daniel

Users of popular word game app Words With Friends are being advised to change their passwords as game developer Zynga suffers large-scale data breach.

The details of 218 million Words With Friends users have allegedly been compromised by a hacker by the name of Gnosticplayers who accessed Zynga’s database, according to the Hacker News.

Players’ names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs and Zynga account IDs are thought to be affected. The attack is thought to affect all players who downloaded the app before 4 September 2019, on both Android and IOS.

According to The Inquirer, two other games by Zynga, OMGPOP and Draw Something, were also affected, with the details of seven million users exposed.

Zynga has issued a statement earlier this month, saying that it had “recently discovered that certain player account information may have been illegally accessed by outside hackers” and that “an investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.”

Advice for Words With Friends users impacted by the data breach

Although the social game developer did not believe “any financial information was accessed” it said that it had “taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.”

As usual, the advice to anyone affected by the breach is to change their Words With Friends password immediately, and avoid using the same password on multiple accounts.

Jake Moore, Cybersecurity Specialist at ESET believes that poor password management amplifies the consequences of breaches such as this:

“This breach could have bigger consequences than just damage the application. Passwords are still poorly managed by the majority of people and many use the same one for every account, even with games they may consider “throwaway apps”. If the passwords used on such apps are the same as for other accounts, you may consider those at high risk too. People should understand the risks to their cyber health because there is a lot more a hacker can do with their data and accounts, that most people realise.

“My advice to those affected by this breach is to download a password manager and spend a few minutes populating new unique passwords for all of their accounts. Storing such passwords in these managers is far safer than leaving yourself exposed having the same password for everything”

Read More: Lion Air data breach files bounced around forums for over a month.