In the still earlier years of Facebook, around 2009, Farmville was the go-to game for me and thousands of users on Facebook. Built by Zynga, an American game developer, it surely made our lives more fun. However, the company has many more famous titles to its name.
One such game named “Words with Friends” was recently the victim of a data breach exposing the records of 218 million users which included their names, email addresses, phone numbers, hashed passwords and Facebook IDs.
Analyzing these, we could expect a misuse of the first 3 potentially for identity theft and social engineering campaigns whereas hashed passwords due to encryption measures would not be an easy nut to crack. On the other hand, User IDs can only be used to access already public data so they don’t present a threat either.
The hacker in question who goes by the name of Gnosticplayers has also been involved earlier in selling the breached data of over 30 companies on the dark web. Among these was also included another game development platform named Armor Games, seems like he has a particular liking for targeting gaming communities. It has not been confirmed though as to how he gained access to the data.
Another breach from the group also includes hacking of online graphic-design tool Canva in which personal and login data of more than 139 million users was stolen and leaked on the Internet. The same hacker made headlines for selling 126 million and 92 million accounts stolen from several companies.
In an exclusive conversation with Hackread, Gnosticplayers also shared in-depth details and sample data extracted from the Zynga breach.
“All users up to September 2nd, 2019 are affected by the breach. The total in approximately more than 218 million entries. Other Zynga properties were also stolen, such as the discontinued OmgPop game, storing this time… cleartext passwords, for more than seven million users, Gnosticplayers told Hackread.”
“While explaining the motive behind targeting Zynga, the hacker explained that “This time the motive is not just the money or anything else, this time the goal is to find a meaning behind what I did. I can’t live rich, and won’t live rich if I people around me are despising me, and liking me for the money I can borrow them, they will do everything for this but a life full of lies such as this one won’t just be the life I am willing to live.”
Currently, it is to be noted that only those who installed and signed up for the aforementioned game before or on September 2, 2019, have been impacted and the rest are safe.
For those of you who fall in the former camp, it is important that you change your passwords and also do an analysis of the permissions granted to all apps integrated with Facebook. This is to say because the less the permissions, the milder are the consequences of such an attack.
Meanwhile, Zynga has also responsibly released a statement informing users of the incident,
As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed. Zynga has begun the process of sending individual notices to players where we believe that notice is required. The security of our player data is extremely important to us. We have worked hard to address this matter and remain committed to supporting our community.
In a world where data breaches are now happening every day, the future of user data in the hands of companies only looks bleak.