1 min read

Hack strikes Words with Friends and Draw Something, amid claims 218 million players' details breached

Graham CLULEY

September 30, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Hack strikes Words with Friends and Draw Something, amid claims 218 million players' details breached

Players of the popular Words with Friends and Draw Something smartphone games are being advised to change their passwords following what sounds like a security breach at game developer Zynga.

Zynga, which also develops other hit games such as FarmVille and Mafia Wars, posted an advisory earlier this month that the account login details of “certain players” of Draw Something and Words with Friends “may have been accessed”, and shared links with information about how players could change their passwords.

Zynga said that it did not believe any financial information had been accessed, and said that it had informed law enforcement agencies of the security breach. What it did not share, however, was any indication of the scale of a breach involving some of the world’s most popular smartphone games.

However, a report published yesterday by The Hacker News suggests that simply suggesting (as Zynga did) that “certain players” are affected may be underplaying the scale of the breach.

Pakistani hacker Gnosticplayers told The Hacker News that he managed to extract 218 million records from Zynga’s servers.

According to the hacker, details stolen included:

  • names
  • email addresses
  • usernames
  • hashed passwords, SHA1 with salt
  • phone numbers
  • Facebook IDs (if linked)
  • password reset tokens (if previously requested)

If you are, or ever have been, a player of Words with Friends or Draw Something my advice would be to change your password and ensure that you are not reusing that same password anywhere else online.

You can find instructions for changing your Words with Friends password here.

You can find instructions for changing your Draw Something password here.

If you have no intention of playing the games ever again you might go one step further, and request Zynga deletes your gaming account and personal data (requests can take up to 30 days)

According to Zynga, players who connected to Draw Something via Facebook Login do not need to take any further action at this time.

tags


Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like

Bookmarks


loader