Words With Friends hack: Data of all 218 million mobile players stolen
If you have ever installed and played the Words With Friends game on iPhone or Android, up until September 2 this year, then a hacker claims they have stolen your data.
The massive breach of the Zynga-owned Scrabble-style game is said to include the names, email addresses and phone numbers of millions of players. The hacker previously claims to have sold over 700 million stolen user records related to dozens of popular online services.
Read More:
- Year-old WhatsApp flaw still lets hackers 'put words in people's mouths'
- Logitech flaw lets hackers control your mouse and keyboard
- Capital One data breach may involve 100 million people
Known as Gnosticplayers, the Pakistan-based hacker revealed details of the latest massive data theft to The Hacker News. The revelation comes just a couple of weeks after Zynga announced that "certain player account information may have been illegally accessed by outside hackers."
However, Zynga did not reveal how many players had been affected by the hack. It said: "We have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed."
The Hacker News reported: "According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the Words With Friends gone on and before 2nd September this year."
The database accessed by the hacker is said to contain personal information relating to more than 218 million users.
Based on sample data provided to The Hacker News by Gnosticplayers, the stolen information includes the following data:
- Names
- Email addresses
- Login IDs
- Hashed passwords
- Password reset token (if requested)
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
This is clearly a bad situation for Zynga, but at least the passwords stored in the database were hashed, which means they were not stored in plain text. However, on that note, the hacker also says they have stolen data related to Zynga's now-discontinued game OMGPOP, which is said to expose clear text passwords for more than seven million users.
Given that people tend to use the same password repeatedly, this database could lead to the further hacking of individuals who used the same passwords and email addresses elsewhere - potentially with email accounts or even online banking services.
The hacker also claims to have accessed user data relating to Zynga's other smash-hit game, Draw Something.
It should go without saying, but we now urge all Words With Friends, Draw Something and former OMGPOP players to change their passwords immediately, and keep an eye on all their online accounts for suspicious activity over the coming days, weeks and months. It is also worth setting up a password manager, if you don't use one already.
Keeper Password Manager