Zynga has disclosed a data breach that may have compromised millions of account login details for its popular Words With Friends and Draw Something games. Last month the company revealed that “certain player account information may have been illegally accessed by outside hackers”.
“Our current understanding is that no financial information was accessed. However, we understand that account information for certain players of certain Zynga games may have been accessed. As a precaution, we have taken steps to protect certain players’ accounts from invalid logins.” The company has notified affected users.
“Zynga has already taken steps to protect users’ accounts from invalid logins where we believe that passwords may have been accessed. In some cases, you may be prompted to change your password,” the company says.
Zynga says it immediately began an investigation that involved computer forensics companies and law enforcement, and reiterated that users should never give out their Zynga account usernames or passwords, or for the platform they use to play Zynga games, such as Facebook.
“Zynga and its employees will never ask for your login information. Don’t reuse your passwords. Create a unique and strong password for every account or login you have. If you used your Zynga password on another website or app, it is a good practice to change your password on the other website or app.”
Commenting on the breach, ESET cybersecurity specialist Jake Moore says many people use the same password for every account. “This breach could have bigger consequences than just damage the application. Passwords are still poorly managed by the majority of people and many use the same one for every account, even with games they may consider throwaway apps. If the passwords used on such apps are the same as for other accounts, you may consider those at high risk too. People should understand the risks to their cyber health because there is a lot more a hacker can do with their data and accounts, that most people realise.”
“My advice to those affected by this breach is to download a password manager and spend a few minutes populating new unique passwords for all of their accounts. Storing such passwords in these managers is far safer than leaving yourself exposed having the same password for everything,” concludes Moore.
Users can also request deletion of current and historical user data from Zynga if they are concerned. “The security of our player data is extremely important to us. We have worked hard to address this matter and remain committed to supporting our community,” Zynga concludes.