New report says Zynga breach in September affected 172 million accounts

A person reading about a data breach of 172 million Zynga accounts.
  • In September 2019, a password breach of online game company Zynga Inc. was reported affecting  approximately 200m users.
  • Log-in information for players of Draw Something and Words With Friends may have been accessed such as email addresses, usernames, passwords and more.
  • Zynga contacted affected users at the time. According to the company, no financial information was accessed.
  • In December 2019, it has now been announced by a data breach monitoring website that the stolen database contained  information on 172,869,660 unique accounts.

How did the breach happen?

Outside hackers accessed a database containing account information of players that installed the game Words With Friends before September 2, 2019.

Who is responsible?

In September 2019, a hacker going by the name Gnosticplayers claimed responsibility for breaching the data of more than 200 million Words With Friends accounts which included both Android and iOS players.

What data was stolen in the hack?

  • Email addresses
  • Usernames
  • Login Ids
  • Facebook IDs
  • Some phone numbers
  • Hashed and salted passwords. This two-layer process for password security (which is a form of cryptography similar to encryption), would be time-consuming and expensive for anyone trying to uncover usable passwords.

How many account records were stolen?

Media reports in September 2019 noted that the hacker then claimed to have accessed the data of more than 200 million players of Zynga games, including Words With Friends and Draw Something accounts. Recently, however, a website that allows users to check if their data has been compromised in a breach has reported that the breached data included 173 million unique email addresses, usernames, and hashed/salted passwords.

According to a statement on Zynga’s website, “As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed.  Zynga has begun the process of sending individual notices to players where we believe that notice is required.“

What should I do if my information may have been exposed?

Data breaches and exposure of your personal information can make you more vulnerable to cybercrime.

The exposure of names, email addresses, and phone numbers could raise a variety of risks. Here are some steps you can take to help protect yourself:

  • Watch for spam messaging. Cybercriminals can use your phone number to send messages tied to scams and with links that could infect your device with malicious software.
  • Beware of phishing emails. Fraudsters may use your data to trick you into opening emails or clicking on links that may appear to be legitimate

If you suspect your data may have been affected by the Zynga breach, you can take the following steps to help protect your account:

  • Change your password
  • If you are using duplicate passwords on other accounts, change the passwords on those accounts, as well.

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.