1 min read

Hack strikes Words with Friends and Draw Something, amid claims 218 million players' details breached

Graham CLULEY

September 30, 2019

Hack strikes Words with Friends and Draw Something, amid claims 218 million players' details breached

Players of the popular Words with Friends and Draw Something smartphone games are being advised to change their passwords following what sounds like a security breach at game developer Zynga.

Zynga, which also develops other hit games such as FarmVille and Mafia Wars, posted an advisory earlier this month that the account login details of “certain players” of Draw Something and Words with Friends “may have been accessed”, and shared links with information about how players could change their passwords.

Zynga said that it did not believe any financial information had been accessed, and said that it had informed law enforcement agencies of the security breach. What it did not share, however, was any indication of the scale of a breach involving some of the world’s most popular smartphone games.

However, a report published yesterday by The Hacker News suggests that simply suggesting (as Zynga did) that “certain players” are affected may be underplaying the scale of the breach.

Pakistani hacker Gnosticplayers told The Hacker News that he managed to extract 218 million records from Zynga’s servers.

According to the hacker, details stolen included:

  • names
  • email addresses
  • usernames
  • hashed passwords, SHA1 with salt
  • phone numbers
  • Facebook IDs (if linked)
  • password reset tokens (if previously requested)

If you are, or ever have been, a player of Words with Friends or Draw Something my advice would be to change your password and ensure that you are not reusing that same password anywhere else online.

You can find instructions for changing your Words with Friends password here.

You can find instructions for changing your Draw Something password here.

If you have no intention of playing the games ever again you might go one step further, and request Zynga deletes your gaming account and personal data (requests can take up to 30 days)

According to Zynga, players who connected to Draw Something via Facebook Login do not need to take any further action at this time.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read
A Heads-Up on Stalkerware, the Wolf Software in Sheep’s Clothing A Heads-Up on Stalkerware, the Wolf Software in Sheep’s Clothing
Silviu STAHIE

August 03, 2021

4 min read
NSA Releases Guidance on Securing Wireless Devices While in Public NSA Releases Guidance on Securing Wireless Devices While in Public
Filip TRUȚĂ

August 03, 2021

2 min read