Zynga Breach Update: Fewer Records Hacked Than Predicted Earlier

A few months ago, Zynga suffered a cybersecurity incident that affected millions of users. At that time, the hacker behind the attack claimed to have pilfered data of around 219 million users. HIBP has shared a Zynga breach update which reveals the actual count to be 173 million.

Zynga Hack Overview

In September, the popular game developer Zynga suffered a massive cyber attack. The hacker Gnosticplayers reportedly breached the Zynga game ‘Words With Friends’, stealing data of all Android and iOS users.

As claimed by the hacker, the stolen data included detailed gamers’ account information such as names, email addresses, hashed and SHA1-salted passwords, Login IDs, Facebook IDs, contact numbers, Zynga account ID, and any password reset token (if requested).

Moreover, the hacker also hacked two more games ‘Draw Something’ and OMGPOP (discontinued) that exposed unencrypted passwords of 7 million users.

Following the attack, the attacker boasted about the breach claiming to have the data of around 219 million Zynga users.

Zynga Breach Update

After the incident, Zynga did confirm the hack officially. However, they did not specify any count regarding the affected users. At that time, they only mentioned about the ongoing investigations.

Now, the data breach alert service HaveIBeenPwned has shared an update about the Zynga breach. As revealed from the details uploaded on the HIBP website, the incident affected 172,869,660 accounts. Whereas, the exposed details included usernames, email addresses, and passwords.

Though, HIBP has merely referred to the ‘Words With Friends’ breach. It has not mentioned anything about the other two hacked games yet, as claimed by Gnosticplayers. As stated on HIBP,

In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Let us know your thoughts in the comments.

Related posts

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs

Sign1 Malware Targeted Over 2500 WordPress Sites In Recent Campaign