If you played Words With Friends or Draw Something before September 2019, or if you suspect your credentials were part of the breach, you should take immediate action:
In September 2019, a Pakistani hacker known as "Gnosticplayers" claimed responsibility for breaching Zynga's player database. The hacker successfully accessed a massive cache of user data. Zynga later confirmed the unauthorized access. The stolen data included: and email addresses Log-in credentials (usernames) Password hashes (SHA-1 with salt) Phone numbers (for a subset of users) Zynga account IDs linked to Facebook logins
Cybercriminals frequently capitalize on public interest in major data breaches. Malicious actors set up websites, torrents, or Discord channels promising "high-quality" zip files of the Zynga database. In reality, these downloads often contain hidden malware, Trojan horses, info-stealers, or ransomware designed to infect the downloader's computer. Identity Theft and Phishing zynga data breach download high quality
The intrusion occurred around September 1, 2019. Independent researchers believe the hacker exploited a web-application flaw to gain remote code execution, which allowed them to pivot directly into the user account database. Data Breach
: External forensics firms were hired, and federal law enforcement was notified. If you played Words With Friends or Draw
In December 2021, Zynga, a popular online gaming company, announced that it had suffered a data breach that exposed sensitive information of its users.
However, SHA-1 is an outdated algorithm that is highly vulnerable to modern hardware acceleration. Using high-powered Graphics Processing Units (GPUs) and pre-computed rainbow tables, attackers can easily "crack" weak or common SHA-1 hashes. Over the years, massive portions of the Zynga password database have been successfully converted back into plain text, significantly increasing the utility of the leak for credential stuffing attacks. The Hidden Dangers of Searching for the Download The stolen data included: and email addresses Log-in
The numbers vary by source:
Why media coverage matters