Cyber Incident Victim: Zynga
Date:
Sep 2019
Location:
United States of America
Summary
A hacker known as Gnosticplayers breached Zynga's systems, compromising over 218 million user records from the 'Words With Friends' game, with additional data exposed from 'Draw Something' and the discontinued 'OMGPOP'. The stolen information included names, email addresses, login IDs, hashed passwords, phone numbers, Facebook IDs, and account IDs for players who signed up before early September. The company confirmed unauthorized access to account login details but stated no financial information was accessed. Zynga initiated an investigation with third-party forensics experts, notified law enforcement, and implemented protective measures for affected accounts to prevent unauthorized logins.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 29, 2019, reports emerged that a hacker operating under the alias Gnosticplayers claimed unauthorized access to Zynga Inc.'s systems, specifically targeting the 'Words With Friends' mobile game. The attacker asserted possession of over 218 million user records, attributing the breach to vulnerabilities in Zynga's infrastructure. According to the hacker's statements to The Hacker News, compromised data included names, email addresses, login IDs, SHA1-hashed passwords with salt, password reset tokens, phone numbers (where provided), Facebook IDs (for connected accounts), and Zynga account IDs. The breach reportedly impacted all Android and iOS users who installed and registered for 'Words With Friends' prior to September 2, 2019. Gnosticplayers provided a data sample to substantiate the claim and further alleged access to player information from other Zynga titles, including 'Draw Something' and the discontinued 'OMGPOP' game. Zynga confirmed the incident through an official statement, acknowledging potential exposure of account login credentials for 'Words With Friends' and 'Draw Something' players while emphasizing that financial data remained uncompromised.
Zynga initiated an immediate investigation upon discovering the breach, engaging third-party forensic firms to assist with technical analysis and notifying law enforcement authorities. The company implemented protective measures to block invalid login attempts on potentially affected accounts and committed to notifying impacted users as the investigation progressed. Internal assessments confirmed the attacker accessed systems storing player account information but found no evidence of financial data exfiltration. The breach's scope extended beyond initial reports, with Gnosticplayers claiming additional access to data from multiple Zynga gaming platforms. As a precautionary measure, cybersecurity experts recommended users change passwords not only for Zynga accounts but also for any external services sharing identical credentials. The incident marked Gnosticplayers' latest high-profile attack following previous data theft campaigns targeting nearly 45 online services earlier that year.