New report says Zynga breach in September affected 172 million accounts

  • In September 2019, a password breach at online game company Zynga Inc. was reported, affecting approximately 200 million users.
  • Log-in information for players of Draw Something and Words With Friends, such as email addresses, usernames, passwords and more, may have been accessed.
  • Zynga contacted affected users at the time. According to the company, no financial information was accessed.
  • In December 2019, a data breach monitoring website announced that the stolen database contained information on 172,869,660 unique accounts.

How did the breach happen?

Outside hackers accessed a database containing account information of players who installed the game Words With Friends before September 2, 2019.

Who is responsible?

In September 2019, a hacker going by the name Gnosticplayers claimed responsibility for breaching the data of more than 200 million Words With Friends accounts, which included both Android and iOS players.

What data was stolen in the hack?

  • Email addresses
  • Usernames
  • Login IDs
  • Facebook IDs
  • Some phone numbers
  • Hashed and salted passwords. This two-layer process for password security (a form of cryptography similar to encryption) would be time-consuming and expensive for anyone trying to uncover usable passwords.
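
As an added illustration (not part of the original article and not Zynga's code), the Python sketch below stores the same accounts with and without a per-user salt and shows what the salt changes: identical passwords no longer produce identical stored values. The article does not say which hash function Zynga used; PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this demo, not Zynga's setting

# Constructed sample accounts: alice and bob chose the same password.
ACCOUNTS = [("alice", "correct horse"), ("bob", "correct horse"),
            ("carol", "tr0ub4dor&3")]


def unsalted_hash(password):
    """Fast hash with no salt, shown only for contrast."""
    return hashlib.sha256(password.encode()).digest()


def hash_password(password, salt=None):
    """Return (salt, digest): PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def shared_hash_groups(records):
    """Group usernames whose stored digest is byte-for-byte identical."""
    groups = {}
    for user, digest in records:
        groups.setdefault(digest, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


def build_tables():
    """Store the same accounts both ways so the two schemes can be compared."""
    unsalted = [(u, unsalted_hash(p)) for u, p in ACCOUNTS]
    salted = {u: hash_password(p) for u, p in ACCOUNTS}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, identical digests:", shared_hash_groups(unsalted))
    print("salted, identical digests:  ",
          shared_hash_groups([(u, d) for u, (_, d) in salted.items()]))
    salt, digest = salted["alice"]
    print("alice logs in:", verify_password("correct horse", salt, digest))
```

Without a salt, accounts that share a password share a stored value, so one recovered password exposes all of them; with per-user salts each stored value has to be worked on separately, and the iteration count makes every guess slower.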

How many account records were stolen?

Media reports in September 2019 noted that the hacker then claimed to have accessed the data of more than 200 million players of Zynga games, including Words With Friends and Draw Something accounts. Recently, however, a website that allows users to check if their data has been compromised in a breach has reported that the breached data included 173 million unique email addresses, usernames, and hashed/salted passwords.

According to a statement on Zynga’s website, “As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed. Zynga has begun the process of sending individual notices to players where we believe that notice is required.”

What should I do if my information may have been exposed?

Data breaches and exposure of your personal information can make you more vulnerable to cybercrime.

The exposure of names, email addresses, and phone numbers could raise a variety of risks. Here are some steps you can take to help protect yourself:

  • Watch for spam messaging. Cybercriminals can use your phone number to send messages tied to scams and with links that could infect your device with malicious software.
  • Beware of phishing emails. Fraudsters may use your data to trick you into opening emails or clicking on links that may appear to be legitimate.

If you suspect your data may have been affected by the Zynga breach, you can take the following steps to help protect your account:

  • Change your password
  • If you are using duplicate passwords on other accounts, change the passwords on those accounts, as well.

Copyright © 2020 NortonLifeLock Inc. All rights reserved.