Zynga Breach Hit 173 Million Accounts

Nearly 173 million usernames and passwords were compromised when a leading gaming developer was breached in September, it has emerged.

Zynga burst onto the gaming scene when its Farmville title became a hit a decade ago. It followed this success with Words with Friends, a hugely popular Scrabble-like word game it acquired.

Although Zynga acknowledged the breach at the end of September, several weeks after hackers struck, notification site HaveIBeenPwned now has the official figure on how many accounts were affected.

The site claimed in an update late last week that a total of 172.9 million unique email addresses, along with usernames and passwords, were compromised in the attack. On the plus side, passwords were stored as salted SHA-1 hashes, which makes them much harder to monetize.

News of the breach went public at the end of September when notorious cyber-criminal “Gnosticplayers” claimed to have obtained data on over 218 million users.

At the time, Zynga responded by urging users not to share passwords across multiple accounts, and to ensure they create “a unique and strong” credential for all of their online accounts.

“Cyber-attacks are one of the unfortunate realities of doing business today. We recently discovered that certain player account information may have been illegally accessed by outside hackers,” it said at the time.

“We understand that account information for certain players of certain Zynga games may have been accessed. As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed.”

Tim Dunton, MD of Nimbus Hosting, argued that social gaming customers are prime targets for data theft.

“All online game organizations need to ensure cybersecurity measures are a top priority in their company culture, to avoid this kind of attack happening in the future,” he added.

“They need to focus on adopting safe, modern and frequently updated IT servers, which are immune to leaking information, even to the most advanced of criminal cyber-specialists.”

Source: Information Security Magazine